For Insurance Brokers

Your Clients Face Real Cyber Risk. So Do You.

Insurance brokers hold sensitive client data, access insurer portals, and manage complex supplier relationships — making them a high-value target for cybercriminals. The FCA knows this. Your clients are starting to ask about it. Here's what you need to know, and the free tools to help you act on it.

Everything on this page is free. No login required. No sales process. Built for UK brokers navigating cyber risk in a rapidly changing regulatory environment.

Who built this

Built from Experience, Not Theory

The tools and resources on this page didn't come from a product team — they came from a frustration. After 30 years working across IT infrastructure, risk management and FCA-regulated financial services, I became increasingly aware of the gap between the cyber risks faced by SMEs and the practical help available to them. Most solutions were designed for large enterprises, or focused on selling products rather than helping organisations understand their actual exposure.

So I built what I wished had existed. And before launching anything, I wanted to understand the problem properly.

Franco Pietrantonio

Lead Cyber Consultant · GET-IT Cyber Division · FCA-regulated background

Using a passive OSINT approach — nothing intrusive, no systems touched — I developed the Cyber-Vitals scanning framework and ran it across 2,011 UK-biased domains spanning five sectors: Finance, Insurance Brokerage, Charities, Education, Manufacturing and General SMEs. The findings were consistent, troubling, and largely avoidable. They directly shaped every tool and recommendation on this page.

The full findings are available in the report below. I'd rather show you the data than ask you to take my word for it.

📄 Read the UK Cyber Risk Landscape 2026 Report

The data tells a clear story

Email Is Where Most Attacks Begin — and Most Brokers Are Exposed

Four data points, from three independent sources, that tell the same story. Phishing and email compromise aren't theoretical risks for financial services firms — they are the dominant claims category, and the technical foundations that could reduce them remain largely unimplemented.

Is your domain one of the 87.8%?

Run a free Cyber Vitals scan — enter your domain and get instant results across email authentication (SPF, DKIM, DMARC), web security headers, SSL and breach exposure. No installation. No login. Results on screen in under two minutes, with a full report by email.

Scan My Domain →

The threat landscape

Why Insurance Brokers Are a Prime Target

Cybercriminals don't target brokers opportunistically — they target them because of what brokers hold. High volumes of personal data, direct access to insurer systems, and complex third-party relationships make brokers one of the most valuable targets in the UK financial services sector. Yet most broker firms operate as SMEs, without a dedicated security team or formal risk management function.

That combination — high-value data, complex access, limited defences — is exactly what attackers look for.

Client Personal & Financial Data

Names, addresses, financial details, claims history. Highly valuable on dark web markets and subject to ICO reporting obligations if compromised.

Insurer & MGA Portal Access

Credentials to insurer extranet systems are a gateway to policy manipulation, fraudulent submissions, and lateral movement across the supply chain.

Email as a Business Channel

High volumes of financial instruction by email — premium payments, bank detail changes — create significant business email compromise exposure at every renewal cycle.

Delegated Authority Relationships

Binding authority arrangements mean a compromise at broker level can expose MGA and insurer partners upstream — raising the stakes for everyone in the chain.

Supplier & Third-Party Dependencies

Policy management systems, premium finance providers, comparison platforms — each third-party connection is a potential entry point if not properly managed.

SME Operating Model

Most brokers run lean. Without dedicated IT resource, security is often reactive. Patching delays, shared credentials, and legacy systems are common findings in our domain audits.

Real attack patterns

How Brokers Get Compromised

These aren't theoretical risks. Each of the following attack types has been used against UK financial services firms in the past 24 months — including firms of broker scale.

Phishing

Targeted emails impersonating insurers, HMRC, or senior staff. Often the first step in a larger attack. Business Email Compromise remained the leading claim type in 2025, accounting for 31% of all claims globally.

Most common entry point

Business Email Compromise

An attacker gains access to a mailbox and becomes a silent insider — intercepting payment instructions, harvesting credentials, redirecting client communications. An attacker may dwell undetected for weeks. Premium payments and bank detail changes are high-risk moments for brokers.

High financial impact

Ransomware

Systems encrypted, operations halted. In 2025, 70% of ransomware claims involved both encryption and data exfiltration. Average ransom demands exceeded $1M. For brokers mid-renewal season, even 48 hours of downtime has serious commercial consequences.

Operational disruption

Credential Theft

Stolen usernames and passwords used to access insurer portals, policy systems, or email. Often acquired via phishing or purchased from previous breaches. Our domain audit found 87.8% of UK domains technically impersonable — making credential harvesting via fake login pages trivially easy.

Portal access risk

Third-Party Compromise

An attack on a software provider, aggregator, or support firm cascades to your systems. Third-party breaches accounted for 15% of miscellaneous first-party loss events in 2025. You don't need to be breached directly — a trusted supplier is enough.

Supply chain risk

Insider Threat

Departing staff, disgruntled employees, or compromised accounts with excessive access. Insider threats accounted for 5% of claims in 2025. Access controls and offboarding processes are frequently weak in smaller firms — and rarely tested.

Often overlooked

Regulatory context

What the FCA Expects from You

The FCA does not prescribe a specific cyber framework — but it is increasingly explicit that cyber resilience is a core operational risk obligation, not a technical afterthought. The following areas are directly relevant to brokers.

Consumer Duty

The Consumer Duty (PS22/9) requires firms to act to deliver good outcomes for retail customers across the product lifecycle. Cyber incidents that expose client data, disrupt service, or result in financial loss are Consumer Duty failures. Firms are expected to have adequate controls in place — and to evidence them.

FCA Consumer Duty guidance

Operational Resilience (PS21/3)

Since March 2025, firms must have mapped their important business services, set impact tolerances, and tested their ability to remain within those tolerances during disruption. Cyber incidents are explicitly cited as a key resilience threat. Smaller firms are not exempt.

FCA Operational Resilience policy statement

SMCR Personal Accountability

Under the Senior Managers and Certification Regime, senior managers carry personal accountability for the adequacy of their firm's risk management — including cyber risk. That accountability does not disappear because the firm is small or because cyber security was delegated to a third party.

FCA SMCR overview

ICO Breach Reporting

Under UK GDPR, personal data breaches likely to result in risk to individuals must be reported to the ICO within 72 hours of discovery. Brokers hold significant volumes of personal data — claims history, financial details, health information in some cases. Failure to report attracts regulatory sanction.

ICO breach reporting guidance

Baseline controls

What Good Looks Like

The NCSC's Cyber Essentials framework defines five technical controls that, properly implemented, protect against the majority of common cyberattacks. For brokers, these are a credible starting point — not a ceiling. Our ORA tool assesses your position against these controls and others in under ten minutes.

The BIBA member guidance hub is a useful reference for brokers assessing their regulatory position alongside these technical controls.

Free broker tools

Built for Brokers. Free to Use.

Three tools built by GET-IT Cyber Division to give UK brokers a practical, accessible way to understand and act on cyber risk. No login. No obligation. No sales call required.

Domain Scanner

Cyber Vitals

A passive domain security scan that checks how your organisation looks to an outside observer — and to an attacker. Enter your domain and email, get results on screen in under two minutes.

  • SPF, DKIM & DMARC authentication
  • Web security headers grading
  • SSL certificate status
  • Breach exposure intelligence
  • Full PDF report by email
Run a Free Scan [ Free · No login · Passive scan only ]

Assessment Tool

Operational Risk Assessment

A structured 30-question risk assessment aligned to Cyber Essentials v3.3. Produces a scored report across five security pillars with plain-English observations and a branded PDF — in under ten minutes.

Use it to start an informed cyber risk conversation within your own firm, understand your exposure before a renewal, or evidence your operational risk posture to regulators or partners.

  • CE v3.3 aligned across 5 security pillars
  • Scored output with risk-rated observations
  • Branded PDF delivered by email
  • Results available for 7 days after submission
Run an ORA Assessment [ Free · No login ]

Threat Intelligence

MITRE-Lite

A weekly-updated threat intelligence layer built on the MITRE ATT&CK framework — translated into plain English. Covers active attack techniques, real-world incidents, and NCSC advisories relevant to UK businesses.

Stay current on the threat landscape without needing a security operations team. Use it to understand what's active right now in the sectors you operate in.

  • MITRE ATT&CK — plain English edition
  • Updated weekly with active threat narratives
  • NCSC advisory integration
  • Technical dashboard also available
View MITRE-Lite [ Free · Updated weekly ]

When you need to go further

Hands-On Security Services

The free tools above tell you where you stand. If the findings point to something that needs hands-on technical work, GET-IT can arrange it. The following services are delivered through specialist technical partners, managed through us — one point of contact, no need to navigate multiple suppliers.

These are outsourced technical services — GET-IT acts as the point of coordination. All services are delivered by specialist practitioners. Contact us to discuss scope, timelines and pricing.

Certification

Cyber Essentials & CE Plus

Preparation support and independent technical audit for Cyber Essentials and Cyber Essentials Plus certification. Increasingly required by insurers, MGAs, and larger counterparties as a condition of doing business. A natural next step if your ORA surfaces gaps in the five core controls.

Discuss This Service →

Testing

Penetration Testing

Authorised simulated attacks against your systems to identify exploitable vulnerabilities before attackers do. Relevant for larger brokers, those with delegated authority arrangements, and any firm whose insurer or MGA is asking for evidence of testing as a renewal condition.

Discuss This Service →

Infrastructure

Active Directory Audit

A comprehensive review of your Active Directory environment — user access, privilege levels, stale accounts, group policy, and configuration weaknesses. Particularly relevant for broker firms with staff on VPN or remote access, where credential exposure is a primary attack vector.

Discuss This Service →

Certification

IASME Cyber Assurance

Practical support for organisations preparing for IASME Cyber Assurance Level 1 or Level 2 — scope review, evidence preparation, control uplift, and guidance through the certification journey. A more comprehensive alternative to Cyber Essentials for firms that want stronger client-facing credibility.

Discuss This Service →

Industry resources

Authoritative Guidance Worth Bookmarking

These are the authoritative resources we'd point any broker to — no affiliation, no commercial arrangement, just useful guidance.

CFC Cyber Masterclass — Free, CII-accredited CPD learning for brokers. Over 25 videos covering cyber economics, coverage, threat landscape and security controls. 5 hours of accredited learning at your own pace. Visit CFC Masterclass ↗

Want to Talk Through Your Firm's Position?

We work with brokers and their clients on practical cyber risk — assessments, Cyber Essentials readiness, and incident response planning. No jargon, no pressure. If it's useful, we'll tell you. If it isn't, we'll tell you that too.

[ Remote. Confidential. No obligation. ]

A final note

The brokers who will navigate the next five years well are not those who treat cyber risk as an IT problem. They are those who treat it as a business risk — one with regulatory, commercial, and reputational dimensions that sit firmly on the senior manager's desk. After thirty years in regulated financial services, I built these tools because I believe the guidance and insight needed to have that conversation should be accessible to every broker, regardless of size. Use them as often as you need.

— Franco Pietrantonio, GET-IT Cyber Division