Contact us

1300 GOCYBER (1300 462 923)

Call or email us today!

Contact details:

Message:

Your message has been sent successfully. Close this notice.

Cyber Insurance Quote Form

Limit of Liability

Company Details

Do you process, transmit or store more than 10,000 financial transactions per year?

Yes No, less than 10,000

Do you use and keep up to date firewalls and anti-virus protection for all systems?

Yes No

Do you use third parties to complete audits of your system and security on a regular basis?

Yes NO

Are all portable devices password protected? (mobile phones, laptops, tablets, etc)

Yes No

Do you have encryption requirements for all data including portable media?

Yes No

Do you have back-up and recovery procedures for business critical systems, data and info assets?

Yes No

Do you outsource any part of your network, including storage?

Yes, we use third party providers. No, all managed in house

Do you store sensitive information on web servers?

Yes No

Do you know of any loss payments, fines or penalties being made on your behalf?

Yes No

Are you aware of any matter which might give rise to a claim or loss under such insurance?

Yes No

Have you suffered any loss or claim but not limited to a regulatory, governmental or administrative action brought against you, or any investigation or information request concerning any handling of personal info?

Yes No

The applicant or any subsidiaries have any knowledge of any loss payments, fines or penalties being made on behalf of any applicant or any person proposed for coverage any cyber policy or similar insurance?

Yes No
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.

Business Insurance Quote

Contact details:

Sections

Property & Contents

Yes, please quote No, thank you

Public & Products Liability

Yes, please quote No, thank you

Cyber Liability

Yes, please quote No, thank you

Theft & Money

Yes, please quote No, thank you

Computers & electronic equipment

Yes, please quote No, thank you

Business Interruption

Yes, please quote No, thank you

Machinery Breakdown

Yes, please quote No, thank you
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.
8 years ago · by · 0 comments

Cyber Insurance & The Real Estate Industry

real estate

Difficulties Facing the Real Estate Industry

For years the real estate industry has been on the receiving end of regular email fraud, ransomware and other assorted malicious attacks despite the media focusing on retail giants and the government.

According to Deloitte, some real estate industry professionals have underestimated their cyber exposure in comparison to retail, travel, hospitality and financial services industries, insisting their organisations aren’t prime targets. With a strong economy and very high rates of technology adoption among businesses, Australia is a prime target for cyber crime attacks and the real estate industry is a strong target.

Online trade, increased reliance on digital solutions and a lack of security culture are a few of the many variables broadening the attack surface for criminals in the real estate industry.  Here we will take a look at some vulnerabilities facing the residential and commercial real estate industry.

Two great examples taken from the AIG Cyber and Data Security Risks and the Real Estate Industry report:

In December 2012, two people were imprisoned for running a massive identity theft ring in San Diego, California. Much of the personal information is believed to have come from stolen real estate files.

Another real estate specific scam involved rental properties posted online. Cyber criminals copied the digital information from online listings to create their own listing to collect the initial deposit and rent for property they did not own.

Why target a real estate business?

Giving out personally identifiable information such as work experience, date of birth, past rental locations, phone & email address during an application or lease agreement has become part and parcel of renting or buying a property in Australia. As you can imagine, this data is often in a digital format or scanned copies of the physical documents which sit in numerous systems between estate agents & third parties.

  • The content of the data is sensitive and valuable for financial crimes, identity theft and email fraud
  • large amounts of money being regularly sent, received & kept in trust accounts
  • lack of employee training and education towards cyber crime
  • Multiple devices and passwords shared between employees
  • The personal data is not easily reset like credit card information. Birth date, names and addresses are nearly impossible to change after a breach
  • Technology is rapidly introduced to assist with efficiency but little understood
  • Typically rental records are stored for many years and in large volumes due to industry regulations
  • Too many people have system access to tenant records. this includes employees and also third parties

Deloitte has written in detail about a few large vulnerabilities facing commercial real estate organisations in their report, Evolving cyber risk in commercial real estate.

“Consider the November 2013 data breach at Target Corporation. In this instance, the hackers were able to find a route through the company’s HVAC contractor’s systems to steal payment card records and other personal information of nearly 110 million customers. Along with reputational damage, the company reported a gross financial loss of $252 million by the end of 4Q14.5

The incident highlights that the IT systems of CRE owners can act as an entry point for hackers to access tenant data, and that they are becoming an increasingly integral part of a tenant’s supply chain. Interestingly, cyber intrusions through CRE companies can create additional vulnerabilities beyond information theft, such as impact on productivity, life safety, and protection.

Billy Rios, a security researcher with the security firm Cylance, Inc. shared his perspectives in a recent interview “Major financial institutions have told us that if you can vary the temperature by five or six degrees, their computers won’t be able to process transactions at the normal rate,” because heat tends to degrade computer performance.

EY’s recent report, Managing real estate cyber security mentioned further unforeseen commercial risks.

Building management systems, which handle everything from air conditioning to closed circuit television, access control, lighting and door locks, traditionally worked on serial networks and were segregated from conventional IT networks. As these systems have become internet enabled, they are now open to all possible threats that afflict conventional IT systems. The potential for harm is significant. In real estate, the most immediate impact is likely to be felt by the tenant of the building rather than the owner, with loss of sales from collateral impact and loss of clientele. The longer-term impact is then felt by the real estate company as it is forced to compensate its tenants for loss of trading revenues and brand reparation when the true cause of the incident is discovered.

Cyber Insurance Australia Logo

Cyber Insurance Can Help Protect Your Business.

Notable Risks for Real Estate Organisations

A recent SpectorSoft study suggests that 37 percent of data attacks in the real estate sector are perpetrated through insiders. It looks like disgruntled employees are causing a major impact

  • large amounts of Personally Identifiable Information collected, analysed and stored on systems
  • Industry requirements for data collection and retention
  • large amounts of money reguarly moving through the business between many parties
  • Sharing of tenant information with a variety of providers
  • Mobile devices such as tablets and phones gaining much wider use
  • Employee education not up to date
  • Systems typically allow access points for many users including third party vendors
  • A heavy dependency on outsourced service providers

The increased use of digital technologies also exposes information and data through multiple channels. At a corporate level, web-based transactions with tenants and vendors, use of cloud services, the growing use of smartphones and tablets under bring your own device (BYOD) policy, and social media presence create multiple access points for the PII data stored by real estate companies.

At an asset level, the interconnectedness through internet protocol-based networks, HVAC and other industrial control systems, and open Wi-Fi networks increase data vulnerability. Do these asset-level cybersecurity risks solely impact the commercial real estate owners? Not in the least—because intelligent buildings tend to be interlinked with tenant systems, creating exposures to tenants whereby their systems and data can be accessed through the real estate owners’ IT systems.

Further reading, Managing Real Estate CybersecurityIs Cybercrime a Threat to Real Estate Agents?

High Profile Breaches

Police probe real estate cyber attack on Victoria based digital firm — Box+Dice

cyber criminals illegally flooded the Albert Park-based firm’s networks — which handle online operations for about 3000 real estate agents — with millions of phony hits in order to crash the systems, in a technique commonly known as a “denial of service” attack.

Cybercriminals Targeting Real Estate Transactions

Small real estate businesses, agents and their clients are fast becoming the targets of sophisticated cyber scammers. That’s according to panelists at the Risk Management and License Law Forum

Essex Property Trust Inc. Reports Data Breach

Essex President and CEO Michael Schall said in the company’s statement, “Protecting the personal information of our tenants and employees — and maintaining their trust — is of critical importance to Essex. Unfortunately, cyber-criminals are finding new ways to infiltrate data systems every day, leaving companies increasingly vulnerable to these kinds of events.

Attempted theft of $500,000 in cyber-attack on real estate agency

A Perth real estate agent is breathing a sigh of relief after a cyber-attack was thwarted in an attempt to steal $500,000 from a trust account.

Cyber Insurance

Cyber insurance policies currently have a wide variation of cover and exclusions as the risk is still evolving. Some insurance providers are asking for encryption across all portable devices, clearly defined regular backup and recovery procedures or independent audits and penetration testing conducted regularly. Over time we will see a clearer understanding and standard of cover.

Some unforeseen professional risks can arise after a cyber attack as a result of an office grinding to a halt. Ensuring business interruption expenses, extortion and 3rd party costs are covered adequately is a primary policy factor.  The integrity of data and security of the tenant/owner records; and identity theft of customers also being important risks to consider when reviewing your business insurance portfolio.

We recommend that real estate staff understand the cyber risks in their daily tasks and devices used. Continued employee education is fundamental to securing sensitive data, there are a number of companies offering employee training and false threat testing to heighten employee knowledge.

Current vulnerabilities, scams and prevention methods should be regularly circulated for employee knowledge. There are a number of third parties offering employee training and false threat testing to heighten employee knowledge. One email can breach the entire network, as a result we suggest getting employees to subscribe to and follow Cyber Insurance Australia on Linkedin & Facebook for regular updates and information.

Cyber Insurance Australia Logo

Cyber Insurance Can Help Protect Your Business.

Comments

Not found any comments yet.

Leave a reply

Your email address will not be published, and your website url is not required.

Take care of your business

Insurance for
your business future

Call us today for specialist business insurance packages.

Company information

Naga Risk Solutions Pty Ltd ATF Naga Investment Trust T/As Cyber Insurance Australia (CAR 1250594 | ABN 59 378 032 992

Corporate Authorised representative of Community Broker Network Pty Ltd | AFSL 233750 | ACN 096 916 184

Financial Services Guide (FSG), Privacy Policy, Complaints & Dispute Handling (FSG), Insurance Brokers Code of Practice (FSG)

Contact details

E-mail address:
contact@cyberinsuranceaustralia.com.au

1300 GOCYBER

1300 462 923

Available 8:30am - 5:00pm

PO Box 1677, Milton LPO
Milton
Brisbane, QLD 4064

Join our monthly newsletter for:

Enter your email and stay up to date,

Subscribe to our monthly newsletter!