Advisers Urged to Maintain Cyber Vigilance

NZ Financial Services Group is urging the advice sector to exercise heightened vigilance as cyber criminals ramp up activity over the busy holiday period.

NZFSG says the warning, issued by Principal Security Consultant Laura Bennett, draws on emerging domestic and international threat intelligence as well as a cyber security snapshot from its own adviser community.

Bennett says that as the year ends and the holiday season begins, this busy period is frequently exploited by hackers and scammers who capitalise on year-end deadlines, workloads and priorities.

“We are urging all advisers to be on high alert for sophisticated, seasonal scams.”

The threat landscape

The company says the increased vigilance is supported by recent threat data from New Zealand and Australia, confirming a risk for the financial sector:

• No organisation is too small: The National Cyber Security Centre deals with about one national-level incident daily, some affecting smaller organisations who mistakenly assume they are not targets
• AI-driven sophistication: Cyber criminals are leveraging AI to create highly personalised, flawless phishing emails (spear-phishing), increasing the risk of successful scams
• Targeted industry risk: Over half (53%) of New Zealand SMEs surveyed have faced a cyber threat in the last six months, according to a recent NCSC survey, underscoring the universal risk. Additionally, the financial sector remains a high-target industry. Across the Tasman, almost three-quarters of Australian mortgage brokers surveyed were impacted by scams or fraud in the last 12 months, serving as a serious warning for Australasia.

Network insights highlight barriers to action

A recent NZFSG security poll conducted during a Professional Development Day with Loan Market highlighted critical gaps in the sector’s ability to respond effectively.

Bennett says the survey confirmed that while businesses recognise the growing threat with cyber concerns ranking second only to the state of the economy “…many face significant obstacles like time, budget constraints, and lack of knowledge when taking action.”

Seasonal scams to watch out for

The network says that while adviser businesses and teams must maintain vigilance, the warning must be extended to clients because these seasonal scams are designed to commonly target the general public.

It says to be vigilant against the following seasonal scams:

• Smishing (SMS Phishing): Be cautious of unsolicited text messages claiming “missed delivery” that link to malicious sites
• E-Card phishing: Only open digital holiday e-cards from known and trusted senders, as they can conceal malicious links
• Invoice and receipt fraud: Scammers send fake receipts for high-value purchases, aiming to alarm the recipient into calling a fraudulent ‘support’ number
• General phishing via email: Be alert for suspicious emails offering promotions or urgent updates, and always check the sender’s email address for irregularities

Adviser support and cyber resilience

NZFSG says that it acknowledges the progress advisers have made in boosting their cyber awareness and adopting enhanced security practices since Bennett’s appointment in 2024, noting that the network is committed to helping its advisers build on this foundation and navigate the challenges ahead.

“We understand the risks and barriers, and our team is committed to supporting our advisers in navigating them, helping them proactively strengthen their business’s cyber resilience,” Bennett says.

This support includes regular training sessions and webinars, featuring guests like the NCSC and CyberCX, with more industry specialists planned for 2026. NZFSG also provides a suite of resources and hands-on support to ensure its advisers can build and maintain a strong defence posture.

It’s also encouraging advisers to use the NCSC’s free Own Your Online Business Security Assessment Tool to generate a customised, five to 10-minute action plan to improve their cyber resilience.