The recent high-profile cyberattacks on major retailers such as M&S have sent shockwaves through boardrooms across the UK. In the past year alone, one in four businesses have fallen victim to cyber threats. For companies handling client money, these attacks represent an existential threat. They create a perfect storm of legal liability, regulatory penalties, financial losses, and reputation-destroying breaches of trust, risking permanent damage to even well-established businesses.
The scale of the challenge should not be understated. Cyber-attacks cost UK businesses an estimated £64 billion each year, including £37.3 billion in direct costs such as ransom payments, lost funds, legal fees and operational disruption.
The AI Threat
The threat to UK businesses is constantly evolving and AI has emerged as both a powerful weapon for cybercriminals and a potential defence tool. Hackers are increasingly leveraging AI to create more convincing phishing emails, automate attack vectors, and develop sophisticated tactics that can trick even experienced professionals. The full scale of the risks posed by the credibility that AI can lend to fraudulent communications isn’t yet fully understood and will undoubtedly continue to keep pace with the solutions businesses deploy to prevent them.
Specialised Protection
In an increasingly hostile digital landscape, attempting to build first class cybersecurity in-house has become a challenge for many companies, how to balance the rapid deployment requirements against the efforts and costs this will introduce against the potential for business disruption can lead to critical decisions being delayed or simply not made, being ahead of the game can have adverse consequences and being too late even more costly, so timing becomes critical. Specialised third-party payment platforms offer a compelling alternative to protecting funds as these problems become the responsibility of the supply partner. Some of these platforms offer specialised encryption, 24/7 monitoring systems, and multi-layered fraud detection capabilities that far exceed what most can achieve independently.
Regulated payment providers must meet strict compliance standards that create a guarantee of protection individual firms typically lack. Closely monitored by regulators, they are subject to strict security standards that are regularly tested and updated. This helps protect client funds and shifts liability away from the main business.
Many firms may see the immediate cost of these systems as one they can’t afford, however, the impact of becoming a victim of an attack can be far greater. Partnering with trusted third-party specialists for financial protection allows companies to better utilise their existing internal resources on core business activities. Rather than having teams spend time navigating complex protection requirements, staff can dedicate their time to other key strategic areas.
AI Implementation
The payments industry faces a unique challenge on implementing AI technology. Unlike other sectors where experimentation carries less risk, payment companies are custodians of a critical service to society and all of its members, the significant impact associated with risking peoples access to money is not a responsibility that the industry takes lightly. Integrating AI at any stage requires a measured, considered approach that does not carry unnecessary risk or exposure of sensitive or personal data.
At Shieldpay, we’ve implemented AI elements strategically, focusing on internal operational efficiencies rather than replacing critical human oversight. We recognise that while AI will play a significant role in the future of our industry and help streamline processes, we cannot afford to rush into untested technologies without due diligence. AI infrastructure is just as likely to be targeted by hackers as it is to be used to defend against them.
The Critical Human Element
The most successful AI implementations in financial services will maintain a balance between automated intelligence and human touch. People conduct business with people, and this truth remains unchanged regardless of technological innovation. AI should be deployed to help professionals find solutions faster and make more informed decisions, but not to execute critical services in the absence of human oversight or accountability.
Consider fraud prevention. AI can flag potentially suspicious transactions and analyse patterns across thousands of data points, but human judgment remains essential for making final determinations about complex and specialised cases. If implemented, this hybrid approach leverages the analytical power of AI while preserving the understanding and relationship handling that only humans can provide.
The Legal Sector
It is worth highlighting the legal sector in particular, as it holds the largest volume of client funds of any industry and is currently awaiting the outcome of a hearing from the Solicitors Regulatory Authority (SRA) on whether firms should be able to continue holding client money internally.
Should the SRA mandate this, it’s likely firms will have to go through third-party providers and would represent the most significant change to legal finance management in decades. However, rather than viewing this as regulatory burden, forward-thinking firms are already recognising the competitive advantages of outsourcing client fund management to specialists who can provide better protection, reduce liability exposure, and free up resources for core legal services.
Caution is the word
As fraudsters weaponise AI to target client funds, there’s pressure to rapidly deploy AI-powered protection systems in response. However, a rush to implement untested tech risks creating new vulnerabilities, the payments industry cannot afford to treat security as a playground for these new innovations.
Despite all technological advances, human expertise remains, particularly in the analysis of the technical outputs, our strongest defence against financial threats, the ‘what does that mean and how do we apply that’ to solve issues and benefit the end customer. While AI excels at processing data quickly, humans still come out on top for creative thinking and situational knowledge to keep client money from harm. The future of fund protection lies in combining human expertise and technologicval innovation thoughtfully, not in choosing between them.
