Cyberwarfare is now a 'real-world risk' for brokers and borrowers: BSS26

Avards, head of cybersecurity and third-party risk management policy, said cyber threats are now embedded in the wider risk landscape and directly affect firms, clients and advisers. Avards was speaking at this week's inaugural Building Societies Show at Coventry Building Society Arena, which brought together 37 building societies, brokers and senior decision-makers in an event designed to support brokers and improve outcomes for clients.

He described cyber as “a domain of warfare […] comparable to sea, land, air and space”, warning that financial services sit within critical national infrastructure and are increasingly targeted.

He stressed that brokers and firms are heavily exposed through outsourcing and platforms. “You are incredibly reliant on your digital infrastructure and on your third parties,” he added.

A key message for advisers was the role of human behaviour in attacks. “Almost always, there’s a human in the loop that provides a way in,” Avards said, noting that in the case of most attacks, “It wasn’t the system that broke, it was the human element.”

He pointed to recent UK retail cyberattacks, where fraudsters gained access by impersonating staff via IT helpdesks. He urged brokers to adopt a mindset of “polite paranoia” when dealing with clients and third parties.

He also highlighted basic cyber hygiene as critical to protecting clients, including strong passwords and multi-factor authentication, and warned that software updates “aren’t just for new features: they’re fixing vulnerabilities that could expose your systems.”

Statistics from Report Fraud, formerly Action Fraud, show the UK incurred £1.6bn in financial losses from cyber crime in 2025, with an average loss of £6,800 per report. The same data suggest older consumers face greater risks, with average financial losses rising from middle age onwards and peaking among 60 to 69-year-olds. That means advisers need to be alive to financial vulnerability among clients as part of the response to cyber crime.

He concluded that cyber risk now sits firmly within everyday business operations and client protection.

“Cyber is no longer a niche technical issue – it sits at the heart of how businesses operate and how they protect their customers.”