WealthTech Spotlight: AI in cybersecurity: A shield and a sword for financial services

Artificial intelligence (AI) is rapidly evolving, and in financial services it is acting as both a powerful ally and a formidable threat. On one side, AI strengthens our defences: automating threat detection, accelerating response times, and helping safeguard sensitive client data. On the other, it’s being weaponised by cybercriminals to launch smarter, faster, and more personalised attacks. We caught up with Software@Scale’s CEO, Louis Droguett, who spoke to us about how to build resilient advice businesses in a digital world.

Software@Scale works with financial firms navigating this new reality - where AI is both a shield and a sword. With CPS 230 on the horizon and cybercrime growing in both frequency and sophistication, financial advisers and institutions must act decisively to protect clients, teams, and operations from the next generation of AI-driven threats.

The sword: AI-powered cyber threats on the rise

Over the next few years, we see the following AI-enabled threats as the most pressing in the financial advice and wealth sector:

Deepfake scams and synthetic identity fraud

AI-generated deepfake audio and video can convincingly mimic executives, colleagues or clients, enabling highly believable social engineering attacks. For example, an advice firm’s staff member could receive a call from a “client” (voice cloned via AI) asking for an urgent funds transfer. Without rigorous verification, the transfer goes through and the funds are lost. Synthetic identities, or AI-generated fake personas, are already being used to apply for loans, open fraudulent accounts, and bypass KYC controls.

Hyper-personalised phishing campaigns

Using AI tools like ChatGPT or LLM-based phishing generators, cyberattackers can now craft highly contextual, flawless phishing emails that are nearly indistinguishable from legitimate communications. For example, a fake investment opportunity could be sent to clients, written in an adviser’s tone of voice, referencing recent conversations, which is generated automatically using compromised email data.

Supercharging targeted entry-point attacks

AI can dramatically accelerate cyberattacks by automating the process of identifying and exploiting weak entry points across an organisation. Instead of targeting a single user, AI-powered tools can quickly scan public data, social media profiles, email formats, and communication patterns of everyone in a firm - from front desk staff to senior advisers. This allows attackers to map out a company’s structure and zero in on the most vulnerable individual. With that data, AI can craft convincing, personalised phishing emails or voice deepfakes tailored to each target. All it takes is tricking one person, and AI makes finding that person faster, easier, and far more precise than ever before.

Dark web-driven ransomware and data leaks

The dark web serves as a hub for ransomware-as-a-service (RaaS) and data leak marketplaces, where cybercriminals plan and execute attacks against financial firms. Ransomware groups often advertise stolen client data, such as loan approvals or portfolio allocations, on dark web forums before demanding payment. In 2022, fintech giant Revolut suffered a breach impacting over 50,000 customers, with data later posted on a ransom group’s dark web leak site. AI enhances these attacks by automating data scraping and encryption processes, increasing their speed and scale. Financial firms face not only financial loss but also regulatory penalties and reputational damage from such leaks.

The shield: How AI can strengthen cyber defense

While these threats are real, AI is also redefining cybersecurity for the better. Financial firms can, and should, harness it to:

• Detect and respond faster: AI-driven systems can process huge volumes of data in real-time - flagging suspicious activity, triggering instant alerts, and locking down compromised systems. Think: an account accessed from two countries at once? Auto-freeze.
• Predict vulnerabilities before they’re exploited: Machine learning models can predict future attack vectors based on historical data, helping firms proactively patch weaknesses before attackers strike.
• Automate compliance and threat intelligence: AI can streamline regulatory reporting, assess control effectiveness, and track changes across infrastructure, helping firms stay compliant with CPS 230 and other evolving frameworks.

Five things advice firms should do now

AI-driven threats are making attacks faster, more convincing, and harder to detect, but staying secure doesn't mean reinventing the wheel. For most financial advice firms, it’s about doing the basics well and consistently. These five actions are simple, proven, and essential.

1. Train your people: Shift from awareness to behavioural readiness

As AI-powered cyber threats grow more sophisticated, firms must continue to learn beyond basic AI awareness and focus on developing real behavioural readiness across their teams. Education should not be treated as a once-a-year compliance exercise - it needs to be continuous, scenario-based, and aligned with the evolving threat landscape. Tools that simulate real-world attacks, such as AI-generated phishing emails and deepfake voice messages, are proving critical. These simulations can address up to 60% of the tactics used in actual cyberattacks, helping staff build muscle memory and improve decision-making under pressure.

Regular phishing drills, incident response exercises, and social engineering simulations tailored specifically to financial advice contexts, can empower staff to respond quickly and confidently to threats. This proactive approach ensures that teams are not simply relying on IT systems to catch attacks, but are actively contributing to a resilient, security-first culture.

To support this shift, firms should consider adopting frameworks like CPS 234 and recognised cybersecurity certifications. These frameworks help formalise core controls such as incident response planning, risk assessments, and third-party oversight, all of which are essential to earning trust in your cybersecurity maturity.

2. Invest in robust detection tools

Invest in sophisticated detection tools that go beyond traditional antivirus and spam filters. Modern cybersecurity platforms now use machine learning and behavioural analytics to identify subtle anomalies in user activity, detect AI-generated phishing attempts, and flag deepfake content in emails or voice communications. These tools can recognise patterns that indicate deception, such as unnatural language structure, time-of-day inconsistencies, or mismatched sender credentials - even when the message appears highly personalised. By deploying these intelligent, adaptive systems, advice firms can proactively detect and block threats before they reach clients or compromise sensitive data.

3. Enable multi-factor authentication everywhere

In an AI-driven threat landscape, the safest assumption is to trust nothing and verify everything - whether it’s a device, a login, or a request. Adopting a zero-trust approach means implementing robust controls like multi-factor authentication (MFA), privilege-based access management, and continuous identity verification. These measures don’t just protect internal systems - they signal to clients that cybersecurity is embedded into your firm’s culture, not just your tech stack. In fact, research shows that MFA alone can prevent nearly 90% of cyberattacks, making it a simple yet powerful step toward a more secure, client-trust-driven business.

4. Patch the gaps: Keep your system updated and maintain vendor oversight

As AI accelerates the speed and precision of cyberattacks, keeping systems up to date has never been more critical. Hackers can scan networks for unpatched vulnerabilities in seconds - turning outdated software into open doors. For advisers, this means routine patching and automatic updates should be non-negotiable across every device and platform.

Cyber risk doesn’t stop at your internal systems. Many advisers rely on a range of third-party platforms, from CRM tools to investment software, all of which store or transmit sensitive client data. It's essential to assess the cybersecurity posture of your providers, ensuring they too have strong patching protocols and risk controls in place. Maintaining your tech stack and monitoring your external partners is not just about operational hygiene - it’s about protecting client trust and safeguarding the integrity of your business in an AI-powered threat landscape.

5. Monitor the dark web for proactive threat intelligence

The dark web is a hidden marketplace for stolen data, AI-powered hacking tools, and ransomware-as-a-service, fueling many of the sophisticated attacks targeting financial firms. Proactively monitoring dark web forums, marketplaces, and Telegram channels can provide critical early warnings of threats, such as leaked client data, compromised employee credentials, or planned attacks against your firm. AI-driven dark web intelligence platforms use machine learning and natural language processing to scan these environments in real-time, identifying risks like stolen KYC documents or credit card records before they’re exploited. For example, in 2023, dark web monitoring helped a U.S. financial institution detect a brute force attack planned against its trading platform, enabling preemptive defenses.

By integrating dark web intelligence into your cybersecurity strategy, you can prioritise vulnerabilities, strengthen access controls, and prevent breaches like synthetic identity fraud or ransomware. This approach also supports CPS 230 compliance by demonstrating proactive risk management and third-party oversight, reinforcing client trust in your firm’s ability to safeguard their data in an AI-driven threat landscape.

Turning insight into action: Building cyber resilience now

AI is reshaping both the risks and the defences in cybersecurity. Staying protected starts with getting the basics right and doing them well, consistently. Financial advisers and institutions must understand AI’s dual role and take practical steps to adapt. Software@Scale helps financial services firms stay ahead of AI-driven threats by delivering scalable, strategy-led solutions that combine compliance, cybersecurity, and operational efficiency.

Software@Scale’s CEO, Louis Droguett, will be discussing why cybersecurity is paramount to client trust and engagement with a panel of industry leaders at Iress’ WealthTech Summit on August 6. Are you an Iress client or partner? Join us by reaching out to your relationship manager or the Iress support team today to secure your spot, or send us a message.