Cyber Liability Insurance for Real Estate Professionals
Cyber Liability Insurance is a fairly new form of insurance policy created to help businesses deal with their 1st and 3rd party risks associated with a cyber attack. Real Estate professionals are a prime target for attacks because they are involved in complicated, multi party, high value transactions with sensitive data. In 2015, the concern over cyber threats, data breaches and fraud within the real estate industry was low; however, today it has become a primary focus for real estate firms.
A few factors play into why real estate is a perfect target for cyber crime. As small businesses, real estate brokerages have limited resources to protect against cyber threats. Compared to larger companies which are made up of full-time employees and dedicated IT departments, real estate consists of independent contractors who work remotely using a disparate mix of devices and technology. It is much simpler to protect an employee who works in an office daily than it is to protect agents who work on the go. Additionally, many real estate clients are everyday people who lack the IT security to protect their personal computers from attacks, which creates a perfect opportunity for hackers.
PBI Group, which is known throughout the real estate industry as Errors and Omissions insurance experts, recognized this growing concern early and have also applied the “Right Coverage at the Right Price” approach to cyber liability insurance. We take pride in locating and evaluating the various cyber polices on the market today in order to find the coverage best-suited to meet our clients’ needs.
What is Cyber Liability insurance?
We get this question a lot. Because cyber liability insurance is so new, the coverage and terms vary from carrier to carrier and the risks change every year as cyber crimes evolve. Early cyber policies were designed around 1st party protection (a 1st party is the insured, a.k.a. You) and covered losses that your business experienced from a data breach. These coverages included Breach Response Team, Forensic Services, Customer Notification Services, Digital Asset Restoration, PR Response, Business Interruption, etc. As cyber criminals became more successful at breaching and stealing, these traditional cyber liability policies have expanded to include cyber crime coverages such as Cyber Extortion, Electronic Transfer Fraud, Deceptive Funds Transfer, Telephone Toll, etc. All of these above-mentioned coverages are 1st party coverages, and, in our opinion, are the important coverages; however, these are often not the reason why a real estate professional decides to buy cyber insurance.
Most real estate professionals are more concerned about 3rd party risks (a 3rd party is your client or your vendor/partner in a transaction; someone who is harmed that is NOT you). Why is this? Well, follow the money. In any real estate business where high value transactions are conducted with sensitive customer information, the real money at risk is not the real estate brokerage’s money, but rather the funds used to buy the property. The criminals know this, so they are looking to steal your client’s money more than they are interested in yours.
What does cyber insurance cover?
Like E&O insurance, listing what cyber insurance covers would be an exhaustive list. The best way to think about what cyber insurance covers is to consider the events that can trigger the policy.
The most common event is a data breach. This is a cyber attack where the hackers gain access to your network or system and either disable it from being used, steal sensitive information from within, or use the systems for their own purposes. Once a breach occurs, the policy can respond in various ways, including forensics analysis to determine when and how the hackers gained access, ongoing legal defense if you company is being sued by a 3rd party, compensation for lost income, repairing your computer system, negotiating with hackers, rebuilding your data and removing malicious code/ malware to help restore operations.
Another common event is media liability which stems from being accused of using a copyright protected image online or posted content on social media which has triggered a demand letter from a 3rd party.
How much does cyber liability insurance cost?
The good news is that cyber liability insurance is cheaper than E&O insurance. Often it runs around $15-$30 per agent or approximately 20%- 30% of your E&O insurance cost when you get above the minimum charged premiums of $1,000. Unfortunately, the premiums are increasing each year as the actual damage caused by cyber criminals are mounting industry-wide.
Cyber Liability for Real Estate Claims Example
The number one claim on cyber policies held by real estate professionals is when home buyers wire their closing funds to the wrong bank because they followed fraudulent transfer instructions. This happens often and here is what it sounds like:Have a listen. Once this occurs, the home buyer will engage an attorney and start the process of suing all parties involved in the transaction- buy side agent, sell side agent, title insurance, etc.
If you receive a demand letter, promptly submit it to the cyber insurance carrier, a claim will be created and coverage will kick in. In this situation, the carrier will engage a forensic team to determine if you had a data breach that led to the fraud. This involves accessing the agent’s computer to search for signs of hacker code, etc. This is the time when you are happy that you made the decision to invest in cyber liability insurance.
Finding the Right Partner
The Real Estate industry has unique needs with respect to cyber crimes. To date there is no comprehensive cyber policy specifically created for the needs of real estate professionals, as there is with E&O insurance. Given this landscape of generalized cyber policies, it requires an insurance partner like PBI Group who is willing to research and confirm with the carrier the needed coverages for real estate professionals.
Insurance is important, but it cannot be your only method of protection. PBI Group recommends a multi-pronged approach to protecting your company which includes: improved security to secure your most valuable system (email) that is used by employees and independent contractors, creating a cybersecurity plan so you know what to do and who to call when a cyber attack has occurred, as well as increase your cyber awareness of your agents and clients through communications and training.