Will your E&O policy cover you if your brokerage’s intranet site is locked by ransomware?
Imagine this scenario: An agent arrives at her office to find the company’s intranet site locked with a message on the screen from a hacker demanding ransom.
There’s no reason for panic because, in addition to having a standard errors and omissions (E&O) insurance policy, the brokerage is protected by a cyber liability policy. That’s a type of coverage that an increasing number of insurance companies are offering.
Back to our scenario: The agent informs her broker/owner about the breach. The broker has access to a hotline and a “breach coach,” a lawyer specializing in cyber events, and consults with the breach coach, who confirms that all files can be restored using the system backup. The coach also brings in a forensics expert to determine whether data has been compromised. It hasn’t. Nor has the hacker used the breach to access the intranet site of the larger real estate company the broker is affiliated with. In short, it’s a small-scale extortion. Before the case is closed, the forensics expert works with the broker’s technical staff to seal the system.
This type of minor breach, in which you’re locked out but no client data is compromised, could cost a brokerage $10,000 to resolve. But with cyber liability coverage, a brokerage would pay only a fraction of that—typically about 25 percent, depending on the level of protection obtained. With REALTOR Benefits® Program partner Victor O. Schinnerer & Co., base annual premiums start at about $750.
Hackers are infiltrating business systems regularly, and the damage is becoming more severe. Internet security giant Symantec found more than 430 million new pieces of malware in 2015 alone, up 36 percent from the prior year. The Federal Trade Commission recently warned that the real estate industry, with its large sums of money changing hands, has become a tempting target for wire transfer fraud. In such a scheme, a hacker breaches the email of a consumer, real estate agent, lender, or title agent; follows the back-and-forth between parties; and then creates an official-looking email, directing the buyers to wire their down payment money to the criminal’s account. Warn buyer clients to check the validity of any email that instructs them to transfer funds electronically. If they fall prey to such a scam, and a forensics investigation reveals it was your email that provided entry to the hacker, you could be subject to a liability claim.
Telephone toll fraud is also on the rise. This is where a hacker gains access to your brokerage’s internet-based phone system and reroutes your incoming and outgoing calls through a 900 number the hacker controls. You see nothing until your next phone bill arrives.
Small and medium-sized real estate companies are particularly vulnerable because they typically don’t have a full-time risk manager on staff. Yet every time an agent uses free Wi-Fi at a coffee shop to check email, your company faces potential exposure to a hacker. Even if you’re using a secured network at the office, you can open a door to your system if you click on a compromised link in an email.
If a hacker accesses your customers’ personal and financial data, that becomes a full-scale breach that would likely trigger state requirements on reporting and other remediation steps, and could even subject your business to fines and other repercussions at the federal level.
When shopping for a cyber liability policy, brokerages should look for:
- Plain-language contracts – It’s hard to decipher what’s covered, and what’s not, if you have to wade through page after page of cyber jargon.
- Breach liability coverage – Know what breaches are covered.
- Breach rectification coverage – Does the policy offer a hotline and a coach who’s qualified to help you manage the aftermath of a system compromise?
Anyone can fall victim to hacking. It’s smart to investigate liability options to keep your clients, your agents, and your company as safe as possible.
Matthew Kletzli is senior vice president, management liability leader at Victor O. Schinnerer & Company, a managing general underwriter of specialty insurance. He can be reached at email@example.com.
Eric Myers is vice president and real estate program manager at Victor O. Schinnerer & Company. He can be reached at firstname.lastname@example.org.
For more information, please visit www.schinnerer.com/NAR.aspx.