Do you process, transmit or store more than 10,000 financial transactions per year?
YesNo, less than 10,000
Do you use and keep up to date firewalls and anti-virus protection for all systems?
YesNo
Do you use third parties to complete audits of your system and security on a regular basis?
YesNO
Are all portable devices password protected? (mobile phones, laptops, tablets, etc)
YesNo
Do you have encryption requirements for all data including portable media?
YesNo
Do you have back-up and recovery procedures for business critical systems, data and info assets?
YesNo
Do you outsource any part of your network, including storage?
Yes, we use third party providers.No, all managed in house
Do you store sensitive information on web servers?
YesNo
Do you know of any loss payments, fines or penalties being made on your behalf?
YesNo
Are you aware of any matter which might give rise to a claim or loss under such insurance?
YesNo
Have you suffered any loss or claim but not limited to a regulatory, governmental or administrative action brought against you, or any investigation or information request concerning any handling of personal info?
YesNo
The applicant or any subsidiaries have any knowledge of any loss payments, fines or penalties being made on behalf of any applicant or any person proposed for coverage any cyber policy or similar insurance?
YesNo
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.
Business Insurance Quote
Contact details:
Sections
Property & Contents
Yes, please quoteNo, thank you
Public & Products Liability
Yes, please quoteNo, thank you
Cyber Liability
Yes, please quoteNo, thank you
Theft & Money
Yes, please quoteNo, thank you
Computers & electronic equipment
Yes, please quoteNo, thank you
Business Interruption
Yes, please quoteNo, thank you
Machinery Breakdown
Yes, please quoteNo, thank you
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.
For years the real estate industry has been on the receiving end of regular email fraud, ransomware and other assorted malicious attacks despite the media focusing on retail giants and the government.
According to Deloitte, some real estate industry professionals have underestimated their cyber exposure in comparison to retail, travel, hospitality and financial services industries, insisting their organisations aren’t prime targets. With a strong economy and very high rates of technology adoption among businesses, Australia is a prime target for cyber crime attacks and the real estate industry is a strong target.
Online trade, increased reliance on digital solutions and a lack of security culture are a few of the many variables broadening the attack surface for criminals in the real estate industry. Here we will take a look at some vulnerabilities facing the residential and commercial real estate industry.
In December 2012, two people were imprisoned for running a massive identity theft ring in San Diego, California. Much of the personal information is believed to have come from stolen real estate files.
Another real estate specific scam involved rental properties posted online. Cyber criminals copied the digital information from online listings to create their own listing to collect the initial deposit and rent for property they did not own.
Why target a real estate business?
Giving out personally identifiable information such as work experience, date of birth, past rental locations, phone & email address during an application or lease agreement has become part and parcel of renting or buying a property in Australia. As you can imagine, this data is often in a digital format or scanned copies of the physical documents which sit in numerous systems between estate agents & third parties.
The content of the data is sensitive and valuable for financial crimes, identity theft and email fraud
large amounts of money being regularly sent, received & kept in trust accounts
lack of employee training and education towards cyber crime
Multiple devices and passwords shared between employees
The personal data is not easily reset like credit card information. Birth date, names and addresses are nearly impossible to change after a breach
Technology is rapidly introduced to assist with efficiency but little understood
Typically rental records are stored for many years and in large volumes due to industry regulations
Too many people have system access to tenant records. this includes employees and also third parties
“Consider the November 2013 data breach at Target Corporation. In this instance, the hackers were able to find a route through the company’s HVAC contractor’s systems to steal payment card records and other personal information of nearly 110 million customers. Along with reputational damage, the company reported a gross financial loss of $252 million by the end of 4Q14.5
The incident highlights that the IT systems of CRE owners can act as an entry point for hackers to access tenant data, and that they are becoming an increasingly integral part of a tenant’s supply chain. Interestingly, cyber intrusions through CRE companies can create additional vulnerabilities beyond information theft, such as impact on productivity, life safety, and protection.
Billy Rios, a security researcher with the security firm Cylance, Inc. shared his perspectives in a recent interview “Major financial institutions have told us that if you can vary the temperature by five or six degrees, their computers won’t be able to process transactions at the normal rate,” because heat tends to degrade computer performance.
Building management systems, which handle everything from air conditioning to closed circuit television, access control, lighting and door locks, traditionally worked on serial networks and were segregated from conventional IT networks. As these systems have become internet enabled, they are now open to all possible threats that afflict conventional IT systems. The potential for harm is significant. In real estate, the most immediate impact is likely to be felt by the tenant of the building rather than the owner, with loss of sales from collateral impact and loss of clientele. The longer-term impact is then felt by the real estate company as it is forced to compensate its tenants for loss of trading revenues and brand reparation when the true cause of the incident is discovered.
Cyber Insurance Can Help Protect Your Business.
Notable Risks for Real Estate Organisations
A recent SpectorSoft study suggests that 37 percent of data attacks in the real estate sector are perpetrated through insiders. It looks like disgruntled employees are causing a major impact
large amounts of Personally Identifiable Information collected, analysed and stored on systems
Industry requirements for data collection and retention
large amounts of money reguarly moving through the business between many parties
Sharing of tenant information with a variety of providers
Mobile devices such as tablets and phones gaining much wider use
Employee education not up to date
Systems typically allow access points for many users including third party vendors
A heavy dependency on outsourced service providers
The increased use of digital technologies also exposes information and data through multiple channels. At a corporate level, web-based transactions with tenants and vendors, use of cloud services, the growing use of smartphones and tablets under bring your own device (BYOD) policy, and social media presence create multiple access points for the PII data stored by real estate companies.
At an asset level, the interconnectedness through internet protocol-based networks, HVAC and other industrial control systems, and open Wi-Fi networks increase data vulnerability. Do these asset-level cybersecurity risks solely impact the commercial real estate owners? Not in the least—because intelligent buildings tend to be interlinked with tenant systems, creating exposures to tenants whereby their systems and data can be accessed through the real estate owners’ IT systems.
cyber criminals illegally flooded the Albert Park-based firm’s networks — which handle online operations for about 3000 real estate agents — with millions of phony hits in order to crash the systems, in a technique commonly known as a “denial of service” attack.
Small real estate businesses, agents and their clients are fast becoming the targets of sophisticated cyber scammers. That’s according to panelists at the Risk Management and License Law Forum
Essex President and CEO Michael Schall said in the company’s statement, “Protecting the personal information of our tenants and employees — and maintaining their trust — is of critical importance to Essex. Unfortunately, cyber-criminals are finding new ways to infiltrate data systems every day, leaving companies increasingly vulnerable to these kinds of events.
A Perth real estate agent is breathing a sigh of relief after a cyber-attack was thwarted in an attempt to steal $500,000 from a trust account.
Cyber Insurance
Cyber insurance policies currently have a wide variation of cover and exclusions as the risk is still evolving. Some insurance providers are asking for encryption across all portable devices, clearly defined regular backup and recovery procedures or independent audits and penetration testing conducted regularly. Over time we will see a clearer understanding and standard of cover.
Some unforeseen professional risks can arise after a cyber attack as a result of an office grinding to a halt. Ensuring business interruption expenses, extortion and 3rd party costs are covered adequately is a primary policy factor. The integrity of data and security of the tenant/owner records; and identity theft of customers also being important risks to consider when reviewing your business insurance portfolio.
We recommend that real estate staff understand the cyber risks in their daily tasks and devices used. Continued employee education is fundamental to securing sensitive data, there are a number of companies offering employee training and false threat testing to heighten employee knowledge.
Current vulnerabilities, scams and prevention methods should be regularly circulated for employee knowledge. There are a number of third parties offering employee training and false threat testing to heighten employee knowledge. One email can breach the entire network, as a result we suggest getting employees to subscribe to and follow Cyber Insurance Australia on Linkedin & Facebook for regular updates and information.
Criminal attacks on unsuspecting medical practices, hospitals and other areas of the healthcare industry have been happening for years in a digital format. Would-be criminals don’t need to physically walk into the practice and reach behind the counter for sensitive records. Now, thanks to many improvements in technology the vast majority of personal files are shared and kept in digital archives with little protection.
As the tech world surges forward we are seeing an unprecedented amount of data being collected, shared, analysed and stolen on a daily basis. These recent leaps in technology are creating extra points of entry for criminals and more concerns regarding patient privacy than ever before. Despite major media coverage and brazen high profile breaches on governments and global organisations, there is still an upward trend in the frequency and severity of privacy breaches. Some industry vendor reports are indicating these breaches are more likely to happen in the health care industry than any other.
Cyber Insurance Can Help Protect Your Business.
Why Is Healthcare Such A Target?
There are many reasons but some major points which make healthcare a prime target are:
The content of the data is sensitive and more valuable. For example, stolen healthcare data has been sold for 10 times that of credit card info
Time critical access. Usernames & passwords being simplified and left openly available for all staff to save time
The personal data is not easily reset like credit card information. Birth date, names and addresses are nearly impossible to change after a breach
Healthcare has adopted technology very rapidly without full understanding of the vulnerabilities
Medical device manufacturers failing to adequately secure the devices
Typically patient records are stored in large volumes and for many years
Too many people have acess to patient records
Unique Risks for Healthcare Organisations
Staggering amounts of Personally Identifiable Information and Protected Health Information collected, analysed and stored on systems
Sharing of health information with a variety of providers, including specialists
Mobile devices such as tablets and phones gaining much wider use
Employee education not up to date which leaves the organisation open to human error
Systems typically allow access points for hundreds of users including third party vendors
A heavy dependency on outsourced service providers
Many organisations have a chain of liability from providers, payors, third party administrators, technology or hardware firms, pharmacy benefit managers, outsourced network service providers and data storage firms
High Profile Breaches
Internationally many medical device manufacturers are being questioned over their failure to ensure the security of their products and instead transfer their responsibility to health care organizations. While these new devices can drastically increase efficiency and diagnoses, they are also creating vulnerabilities for the network they are connected to. Employee error remains the number one cause of exposure but device vulnerabilities are also at alarming rates.
Cyber insurance policies currently have a wide variation of cover and exclusions as the risk is still evolving. Some policies are asking for encryption across all portable devices, clearly defined regular backup and recovery procedures or independent audits and penetration testing conducted regularly. Over time we will see a clearer understanding and standard of cover.
Some unforeseen risks can arise after a cyber attack as a result of an office being forced to return to paper. The integrity of data and security of the health records; and identity theft of patients also being important risks to consider when reviewing insurance policies.
We recommend that medical industry staff understand the coverage they are getting and make sure ransomware and 3rd party costs are covered in their policy.
Overall though maybe the most important preventative measure at the moment is to educate employees. Current vulnerabilities, scams and prevention methods should be regularly circulated for employee knowledge. One email can breach the entire network, as a result we suggest getting employees to subscribe to the MailGuard blog and follow Cyber Insurance Australia on Linkedin & Facebook for regular updates and information.
The Internet of Things revolution has begun and businesses are jumping on board without hesitation, IoT meaning the increasing number of devices which have internet access for one purpose or another. Said to have started in 1991 when a group at the University of Cambridge Computer Labs began using a webcam to monitor the coffee pot levels using their networked camera instead of walking down the hall.
Connectivity in general is also nothing new, we know that the handheld powerhouse in our pockets is constantly sending and receiving data around the world. Recently we tested an anti spyware app called SpyAware which monitors how much data is collected and where it is being sent by other applications. Not surprising, seemingly innocent apps are sending data regularly to hundreds of locations around the world and the same is happening with other new “smart” devices.
Are we haphazardly racing to connect any and all parts of our lives while leaving our private data in the open for the sake of convenience? Absolutely. Watches, children’s toys, televisions, printers, fridges, cars, and just about every appliance in the home or office has seen new versions with network connectivity released. Experts have estimated we have well surpassed the global population with numbers of connected devices with no sign of slowing down.
It is becoming second nature to upgrade to tablets, phones, free customer wifi, smart TV’s and other great technologies. Organisations are taking large steps forward in operational efficiency thanks to the ingenuity of some of these devices but they are also potentially sacrificing staggering amounts of private data to get there.
While we recommend organisations take advantage of the internet of things for marketing, efficiency and business process overhaul. We also strongly recommend understanding the items and their vulnerabilities before adding them to your network.
Insurance
This is an interesting time for insurance providers as the risk for data and identity theft from the staggering abundance of connected devices is unprecedented. Experts have estimated we have well surpassed the global population with numbers of connected devices are are showing no signs of slowing down. Most major insurance providers are proactively researching IoT risks and are trying to pivot accordingly.
Currently many existing business insurance policies will cover basics like theft or accidental damage for items but these policies will not kick in if the device is hacked. Nor will those policies cover data theft or malicious damages caused as a result of the vulnerable device. Cyber insurance policies will round out this area of a risk management report but be sure to understand the policy fine print and the impact of any new devices. For example, some policies will require encryption to be used across all portable devices or risk having the claim denied.
“Things are moving quickly and the insurance industry is playing a bit of catch-up. We know these technologies exist. We already insure them. But what are the future implications? That’s what we need to get our heads around.” says Noel Condon, CEO of AIG
Steven Raynor, Executive General Manager Transformation at QBE Australia and New Zealand recently said in an interview with Insurance and Risk “Insurers will have the opportunity to model and engage in greater analysis and understanding of customers’ needs, as well as fact-based risk assessments about people’s assets.“This opens up the possibility of a whole new range of products and services, and will enable us to more proactively support customers in the management of their risk rather than simply indemnifying them against risks reactively,”
“Network outages could result in significant business interruptions and lead to large losses for businesses. Again, the importance of robust cyber security cannot be understated,” He adds.
Insurers will be looking at more personalised and in depth insurance packages in the future to better asses and quantify business risks. Understanding which devices are being used, encryption & password use for devices, employee education levels, information security procedures, third party vendors used, security audits and a number of other previously unasked questions.
Cyber Insurance Can Help Protect Your Business.
Here a few examples of media coverage for exploited connected devices.
We suggest discussing your current device vulnerabilities with information security staff, researching online and putting a cyber insurance policy in place as soon as possible.
