$399 + GST Get My Health Check

In about an hour, see exactly where you're exposed, turn your gaps into a prioritised action plan you can track, and get a professional report you can show your insurer, regulator, or clients — no IT knowledge needed.

You hold more sensitive client data than almost any other small business.

Think about what's in your systems right now: driver's licences, passports, Medicare cards, payslips, tax returns, bank statements, credit reports. The complete identity package for every client you've ever helped. A single breach doesn't just expose one person—it exposes dozens or hundreds of individuals to identity theft, financial fraud, and years of ongoing risk.

This makes you a high-value target. Criminals know that mortgage brokers hold the exact documents they need to open bank accounts, apply for credit cards, take out loans, and steal identities. Your client database is worth more to them than most businesses because the information is already verified and complete.

The Privacy Act requires you to protect this information.

By law you must take "reasonable steps" to protect the personal information you hold. If you suffer a breach and can't show what protections were in place, penalties run up to $50 million — but the real damage is telling every affected client their identity documents were exposed because the basics weren't covered.

ASIC and your aggregator expect security controls.

Your Australian Credit Licence obligations include maintaining adequate risk management systems—and ASIC increasingly views cyber security as part of that requirement. Aggregators are tightening their compliance requirements too. Security questionnaires, mandatory training, and minimum control standards are becoming standard. Can you demonstrate you're meeting these expectations?

Your CRM and lender portals multiply the risk.

Salestrekker, MyCRM, Mercury—your systems contain complete financial profiles: income, assets, liabilities, employment details. Lender portals hold even more. One compromised password gives criminals access to everything they need for targeted fraud. When did you last check who has access to these systems and how they're protected?

Settlement fraud is an additional, specific threat.

Beyond data theft, criminals actively intercept property transactions. They compromise email accounts, monitor settlements, then send fraudulent payment instructions. As the trusted adviser in the transaction, if your email is used to misdirect funds, clients will blame you—even if you're technically a victim. Proper email security and verification procedures aren't optional.

This health check is built specifically for mortgage brokers.

Plain-English questions covering client data protection, ID document security, CRM and lender portal access controls, email security, settlement fraud prevention, and aggregator/ACL compliance. No technical jargon—designed so any broker can complete it and understand the results.

What you get:

72
Plain-English Questions
Specific to mortgage broking—no technical knowledge required
Clear Security Score
See exactly where you're protected and where you're exposed
Prioritised Actions
Gaps ranked by risk, then turned into a phased action plan you track to completion
Professional Reports
Comprehensive Word report with scores, recommendations, and improvement plan

What your results look like

Finish in about an hour and you get a clear overall score, a breakdown across every security domain, and every gap turned into a prioritised action plan you can track and export. (Example output.)

Cyber Security Health Check results screen showing an overall score and maturity across Essential, Recommended and Advanced practice levels
Your overall score, plus maturity across Essential, Recommended and Advanced practices.
Domain Maturity Analysis showing a score-by-domain bar chart and a gap risk distribution pie chart
A breakdown across every security domain, with your gaps grouped by risk level.
What You're Doing Well section highlighting the security areas where the business is already strong, with a score and an Excellent rating
It's not just problems — it highlights what you're already doing well, too.
Identified Gaps table listing each gap with time, cost, urgency, risk and priority, plus a plain-English recommendation
Every gap ranked by priority, each with a plain-English recommendation.
Action Register table listing chosen actions with owner, due date and status, plus a Download register Excel button
Turn gaps into a tracked action register — owner, due date, status, export to Excel.

What You Receive

Every assessment generates a comprehensive report. Download a sample below.

Summary Report

Plain-English findings with scores, prioritised improvement plan, risk associations, and resources

Download Sample

Complete it in about 60 minutes. No technical knowledge required. Your data never leaves your device.

Who is this for?

Mortgage brokers, finance brokers, and credit representatives. Whether you're a sole operator or run a team—if you handle client financial information and identity documents, this health check is designed for you.

AI-Powered

Your Assessment Includes a Personal AI Security Advisor

Two AI assistants are built into the tool — one to help you during the assessment, one to help you make sense of your results. Like having a security professional on call.

During the assessment

Not sure what a question is asking? Just ask.

Every question in the assessment has an AI helper built in. Tap it and ask anything — "What does this question actually mean?", "Can you give me an example?", "Why does this matter for my business?" — and you'll get a plain-English explanation instantly.

  • Explains technical concepts in everyday language
  • Gives real-world examples relevant to your industry
  • Never suggests how to answer — just helps you understand
  • No technical background required to complete the assessment
AI question helper explaining a cyber security question in plain English during the assessment
Assessment question interface showing radio button answer choices and plain English guidance
After you finish

Available the moment you see your results.

Once your results are in, an AI security advisor can answer any question about what they mean — in plain English, like talking to a security professional. It can even draft a phased action plan from your specific gaps — what to fix first, next, and over time.

  • "Explain my highest risk gap in simple terms"
  • "Walk me through how to fix action #3"
  • "Which gaps are easiest to fix myself?"
  • Ask anything — your advisor knows your specific results
AI Personal Security Advisor chat interface showing results-based guidance after completing the health check

Get the Mortgage Broking Cyber Health Check

Get My Health Check
$399 + GST
Instant download · 30-day money-back guarantee · Runs entirely on your device

Common Questions

Why are mortgage brokers targeted by cyber criminals?
Mortgage brokers collect the most complete identity packages of any professional — passports, driver's licences, payslips, tax returns, bank statements, and credit reports for every client. This verified identity data is used by criminals to open fraudulent bank accounts, apply for loans, and steal identities. The volume and completeness of the data held makes a single breach potentially catastrophic for dozens of clients.
What obligations do mortgage brokers have around data security?
ASIC's regulatory guidance and Australian Credit Licence (ACL) obligations require licensees and credit representatives to maintain adequate systems to protect client information. Aggregators typically impose security requirements on their broker networks. The Privacy Act 1988 applies to all brokers collecting personal information. PI insurers and professional associations assess cyber controls as part of their risk assessment.
What does the Mortgage Broker Health Check cover?
The health check covers client identity document handling and storage, CRM and loan origination system security, aggregator portal access controls, email security against phishing and BEC, document sharing practices with lenders and solicitors, remote and mobile device security, staff access management, and incident response planning for mortgage broking businesses.
What do I receive after completing the health check?
You receive a professional Word report with an overall security score and a prioritised action list. Recommendations are specific to mortgage broking risks and are suitable for sharing with your aggregator compliance team, PI insurer, or keeping on file as evidence of reasonable steps to protect client identity information.

View all frequently asked questions →

Further Reading

Resource

Cyber Security for Mortgage Brokers

Why mortgage brokers are prime targets for identity theft, what ASIC and aggregators require, and how to protect client identity documents and settlement transactions.

Read the guide