With more people than ever before working remotely, there is a lot more vulnerability surrounding IT systems, which has resulted in an increase in the number of cyber-related crimes. Data from Interpol shows that during the pandemic, ransomware incidents have increased by more than a third, with Phishing/Scam/Fraud claims increasing by 59%.
Paul Offley, Compliance Officer at The Guild of Property Professionals, says that the increased number of cyber-crime incidents has led a substantial correction in cyber insurance premium rates, as well as insurers requesting more data and demanding much tighter risk management procedures. “Where possible property professionals need to ensure that they have procedures in place to protect their systems against cyber-crime, especially considering the amount of sensitive data that both estate and lettings agents would hold, such as addresses, account details, alarm records and passwords to access homes, not to mention passport details and the like. It is this sensitive information that has made those within the property sector a target for cybercriminals,” Offley advises.
He adds that cyber liability is not typically included under professional indemnity insurance and it (PI) should not be relied upon as an alternative to a standalone cyber liability policy covering first and third-party loss. With the increased occurrence of cyber-crime, property professional’s reliance on technology, along with the type of information they hold, it is imperative that agents consider added cyber liability to their insurance programme if they have not already done so. “Most businesses only take-out cyber liability after they have had an incident, which considering 88% of UK companies have suffered breaches in the last 12 months, seems likely. It is far better to be proactive and get coverage before an incident occurs,” says Offley.
Oliver Wharmby, Director at Mint Insurance Brokers Ltd, said: “Cybercriminals are becoming increasingly sophisticated and have appeared to have shifted their focus from larger companies to SME’s and remote workers during the pandemic. We have seen increased claims frequency due to the vulnerabilities surrounding home working. If large corporate entities and government bodies are susceptible to being hacked, how much more vulnerable are independent agents or remote workers who typically have weaker technological defenses making it far easier to penetrate IT systems,” he warns.
Wharmby adds that many of the cyber incidents seen are ransomware cases which often involve sensitive data being downloaded from inboxes and client folders. “Once a breach has occurred you are required to report it to the Information Commissions Office (ICO) and complete a full investigation to identify how the breach took place and what personal data has been compromised. Informing data subjects that their personal data, such as their passport, account details and address has been taken by a cybercriminal can be extremely delicate and particularly if the data subject is a barrister acting as a guarantor! Cyber Liability policies include instant response cover and it is this section of the cover that is so important to help mitigate any further threats. If your systems are paralysed for a week, it is impossible to quantify the financial loss and brand reputational damage to your business. It is not uncommon for investigation costs alone, regardless of whether a claim is paid out, to exceed £40,000.”
Wharmby says that while nobody is immune to the threat of cyber-crime, there are basic controls that will help reduce the risk:
Regular password updates on all devices.
Password complexity – Strict password rules should be implemented. Keep variety by using different passwords for different accounts.
Do not share your password.
Two Factor Authentication where appropriate.
Staff training to be aware of phishing emails and the damage they represent. One in every 3,722 emails in the UK is a phishing attempt. Around half of cyber-attacks in the UK involve phishing.
Software updates.
Ensure files are encrypted.
Monitoring of mobile and home working procedures
Never, under any circumstances, should a payment be made to a new bank account without verbal confirmation that the account details are genuine.
Cyber Liability Insurance
“In the ever-expanding age of digitalization, it is essential that you are aware of the genuine risks associated with cyber-attacks. If agencies do not already have a comprehensive cyber liability policy in place, we would strongly recommend they consider protecting their business from cybercriminals. It is a small price to pay for the reassurance of having support when you need it in a worst-case scenario,” Wharmby concludes.