Sharon Fox-Slater of EBM’s RentCover explains how real estate businesses need to mitigate the risk of cybersecurity, with ransomware attacks and data breaches on the rise.
It wasn’t that long ago that the only Trojans we knew of were an ancient people who made the fatal mistake of accepting a gift of a horse from their neighbours. Today, a real estate business could be besieged by a Trojan of a different kind.
Together with malware, ransomware and spyware, software Trojans are now part of the cybercriminal’s arsenal – and could easily invade your business systems and wreak havoc.
You’d be wrong if you thought that cybercriminals only target big business. The SME market is a growing target for hackers and organised crime gangs, and a lot of money is being stolen from everyday people and smaller enterprises.
The simple fact is that a suburban real estate agency is not going to be able to devote the kind of IT resources to cybersecurity that Google and Apple can.
That means small business are easier targets and ripe for the picking. Many SMEs store data which can be profitable – think identity theft – or may have access to the systems of bigger companies offering even richer pickings.
Costing the economy up to $17 billion a year, cyberattacks have become the number one economic crime in Australia, according to the Commonwealth Government. It’s a growing trend we are noticing in the insurance world too, with a rising number of claims for cybercrime, in particular ransomware attacks and data breaches.
Last year was awash with headline-making ransomware attacks – WannaCry, Petya and NotPetya – affecting hundreds of thousands of computers across the globe and disrupting businesses in every industry, from retail to nuclear power plants to the Cadbury chocolate factory in Tasmania (which induced a mild panic as I had to consider whether I should stockpile Cherry Ripes!). Ransomware is gaining in popularity amongst the unscrupulous and it is the most reported form of cyber incident.
While the ransom demanded is not usually big – for example, the WannaCry ransom was $300 worth of cryptocurrency Bitcoin to unlock the contents of the computers – the ransom itself is just the tip of the cost iceberg. Productivity and production can be severely impacted, clients can be inconvenienced and reputations can be tarnished – not to mention the eye-watering costs that can be associated with forensic investigations and system security analysis.
Data breaches are also of increasing concern. There were a number of high-profile breaches in 2017, including 57 million Uber drivers and passengers having their contact details exposed, and the social security numbers of 143 million US customers of credit reporting agency Equifax being compromised.
These cases serve as a timely warning for Australian businesses as we prepare for mandatory data breach notification legislation, which came into effect on 22 February 2018. Any business subject to the Privacy Act will be bound by the new laws and, while most small businesses (those which turn over less than $3 million p.a.) are exempt, any business that operates a residential tenancy database must comply with the requirements.
Suffering a ransomware attack can be hugely inconvenient for a business, but the ramifications of a data breach can be far more damaging as it impacts customers’ privacy.
Cyberattacks can have serious ramifications for an organisation – financial, operational, legal, reputational – making risk mitigation a necessity.
Protection for your business against cyberattack starts with prevention. Your EBM broker can provide a cybersecurity checklist to offer some guidance in this area, together with insurance options designed to protect against various cyber exposures, including crisis response.
A typical cyber insurance policy is designed to provide protection when there is a breach of your IT systems resulting in loss of your (or someone else’s) information, and offers coverage for a range of first-party and third-party losses.
Whilst prevention is key, without a cyber insurance policy you may not have the resources to manage a data breach. What would you do if you experienced a cyberattack? Is your IT provider experienced enough to respond quickly?
FIRST-PARTY COVERAGE GENERALLY INCLUDES
- IT system restoration and remediation
- Business interruption
- Forensic investigation and data recovery
- Crisis management and PR
THIRD-PARTY COVERAGE GENERALLY INCLUDES
- Regulatory defence expenses
- Litigation expenses
- Notiﬁcation costs
- Communications and media liability
SOME ADDITIONAL BENEFITS OF COVER UNDER A SEPARATE CYBER INSURANCE POLICY
- Incident response and investigation costs
- Crisis management support via incident reporting hotline (open 24 hours, 365 days of the year) and local vendor
- Legal costs in defence and investigation
- Regulatory fines, penalties and defence costs
As cyber is a fairly new and evolving area for insurers, the market is constantly changing to keep up with technology and how the criminal element uses it to make mischief and money.
Should a business suffer a cyberattack with cyber insurance cover in place, insurance provides access to a crisis response team to work side by side with the policyholder from the initial attack (even paying the ransom if necessary) through to returning the business to operation afterwards. Cyber incidents can be unnerving as they put your business at risk and create a sense of unwitting exposure and vulnerability. The advice and support afforded via cyber insurance when disaster strikes can really be invaluable.
I urge all principals to consider cyber insurance cover as a core component of their insurance program to help safeguard their businesses, their clients, their reputations and ultimately their livelihoods.
Our advice about insurance is provided for your general information and does not take into account your individual needs. You should read the Product Disclosure Statement and Policy Wording prior to making a decision; these can be obtained directly from EBM.