Has AI made firms more vulnerable to cyber crime?

On the latest episode of The ifa Show, founder of The Cyber Collective, Fraser Jack, explained that enhancements in technology, particularly in the world of artificial intelligence (AI), has made cyber security easier and harder at the same time, as would-be criminals are able to use the same enhanced technology to penetrate businesses.

“I think probably the biggest theme that’s emerged this year in 2025 and moving forward is just the sheer intelligence that computers are creating. We’ve got artificial intelligence, obviously, which is the big theme of the day, but obviously that’s causing a lot of pain and pain points around cyber security. It’s adding a lot of complexity to it,” Jack said.

Expanding on this, he said that while AI is useful in driving efficiencies for advisers, helping them search through their clients’ data, those same capabilities can make it easier for hackers to gather personal information if and when they breach systems.

“Now, that might be really handy if you want to write a birthday letter to all the clients that have got birthdays coming up this week, but also that search functionality really makes it a dangerous point for anybody that wants to get in and search,” Jack said.

Despite the benefits that come with technology enhancements, when it comes to advisers using AI tools, particularly OpenAI tools, Jack warned that if security settings are not properly set, clients’ data and the business itself could be at higher risk of an attack.

“That’s fantastic and handy if you know how to use it in that way. But it’s also a threat in the fact that there could be, if you’re not making sure that the private and confidential information inside of your system is secured, those AI bots aren’t going in and grabbing that information as well,” he said.

“It could just be that the way that that set-up is configured has all of a sudden left you vulnerable or open to the wrong people seeing what they shouldn’t be seeing.”

Even so, some advice firms fall under the belief that because they run a small business they are unlikely to be a target for cyber criminals; however, Jack suggested that, due to the highly sensitive information that advisers are privy to, they are an ideal target for hackers.

“From the point of view of a small business, if you have to tell 100 clients that that’s the case, you’ve just destroyed 100 relationships and then your business could be worth very little after the fact,” he said.

“So, yes, you’re a small business, but you’ve got everything to lose in that scenario. It’s not just about outrunning the person next to you, it’s about making sure that your complete business that you’ve worked your life on building is not destroyed overnight.”

While there are a number of precautions advisers can and should take to strengthen their cyber security, Jack said that breaches could still occur, making it essential that firms are prepared to respond.

In the event of a cyber attack, he explained, businesses have a legal obligation to inform clients of the event so they can take the necessary protective measures, and failure to do so can result in considerable consequences from the regulator.

“They really want to make sure that their clients are safe. That’s their job. And so if you’re not then informing your clients or you’re then running around trying to work out where the problem was and solve it and then not communicating with your clients. It can really come back to bite you when it comes to the regulatory review on what happened,” Jack said.

“So, you really do have to go to your clients and make sure that your clients understand what’s happened. And you really need some clear messaging around that as well. You know, that you’ve pre-thought about that, you don’t just think about it at the time when you’re not thinking straight.”

To hear more from Fraser Jack, tune in here.