Data breaches can happen from hackers, employees, competitors, vendors or other third parties and can be intentional or accidental. It is well documented that even the best security systems are being hacked at an alarming rate. Most recently, there has been an increase in the number of real estate companies who have experienced a cyber breach. While this industry is usually not currently categorized as “high risk,” this is beginning to change.
Protecting the personal information of tenants and maintaining their trust is a vital aspect of this business. Real estate professionals routinely obtain, store and transmit personally identifiable information, including social security numbers and financial records. This data is often obtained from credit reports, applications, leases and rental agreements. Co-ops and condos are especially selective and collect much more detailed financial and personal information from their prospective owners and tenants. Sometimes this information can be stored on a property’s hard drive and incidentally can be hacked.
Safeguarding Your Data
That data collection imposes legal duties on the real estate industry to safeguard it. Should it be compromised, real estate professionals could find themselves in the same situation as the organizations we all read about in the news. Legal fees, IT forensics expenses, notification and credit monitoring costs and investigations from government authorities would be expected. The financial impact and reputational damage could be significant. In fact, according to the 2014 Ponemon Institute Cost of Data Breach Study, the average cost to a company was $3.5 million, 15 percent more than what it cost last year.
The real estate industry can start addressing this risk by asking some basic questions. What data do I collect? Why do I collect it? Where is it stored? Who has access to it? How well is it protected? When and how should it be purged? What will we do if it is accessed by an unauthorized party?
Insurance is Evolving
Cyber Liability Insurance, also known as Privacy/Data Liability Insurance, is a rapidly evolving product in today’s marketplace. In fact, Cyber Insurance is the fastest growing coverage in the insurance industry, according to the New York Times. The basic elements of a cyber liability insurance product can include coverage for a number of expenses associated with breach including legal expenses, notification expenses, regulatory fines and penalties, credit monitoring and public relations expenses.
Below is a brief overview of some popular Cyber Liability insurance coverages available to protect your real estate business. Your broker can help you navigate through the options available to ensure your policy provides adequate protection.
Privacy Liability - Covers loss arising out of the organization’s failure to protect sensitive personal or corporate information.
Network Security Liability - Covers any liability of the organization arising out of the failure of network security, including unauthorized access or unauthorized use of corporate systems, a denial of service attack, or transmission of malicious code.
Internet Media Liability - Covers infringement of copyright or trade mark, invasion of privacy, slander, plagiarism, or negligence arising out of Internet content.
Privacy Breach Costs/Data Breach Fund - Covers expenses to notify customers whose sensitive personal information has been breached, to retain a computer forensics firm to determine the scope of a breach, and to obtain legal, public relations or crisis management services to restore the company’s reputation.
Network/Cyber Extortion - Covers extortion monies and expenses associated with a criminal threat to release sensitive information or bring down a network unless payment is received.
Digital Asset Loss - Covers costs incurred to replace, restore or recollect data which has been corrupted or destroyed as a result of a network security failure.
Business Interruption - Covers loss of income and extra expense arising out of the interruption of network service due to an attack on the insured’s network.
PCI Fines and Costs - Pays amounts owed under a merchant services agreement for non-compliance with PCI Data Security Standards.
Cyber attacks are the fastest growing crimes in the world and most standard insurance products do not address this exposure. Don’t leave your business vulnerable and unprotected; your insurance advisor can help you conduct an assessment to identify your company’s risk profile so you can take appropriate actions to reduce those exposures and find a coverage plan designed to meet the needs of your company.
Alex M. Seaman is a senior vice president of HUB International Northeast, a leading global insurance brokerage serving the real estate industry for over 60 years. Call him at 516-677-4708 or at firstname.lastname@example.org.