In the good old days, the two sure things were said to be death and taxes. In today’s world, should we be adding the inevitability of cybercrime? To help answer that question, let’s look some numbers: The estimated annual cost of cybercrime is $400,000,000,000. Yes, that is billions. Over 68% of funds lost to cybercrime are unrecoverable and there has been a 29% increase in cybercrime since 2003. Between 2015 and 2020, there will be a 300% increase in devices connected to the Internet, from our phones to office lighting to garage doors to our cars. Some say that there are two kinds of businesses – those who have been hacked and those that do not know they have been hacked. There are numerous security steps that every business can take to defend themselves. Even the newest or smallest operation can enlist the aid of a security specialist to utilize the most appropriate software, firewalls and office procedures to minimize the risk of a cybercrime.
In fact, taking certain precautions is mandatory in most states. Massachusetts General Law 93H provides mandates, guidelines and consequential punishments for the safeguarding of personal information of Commonwealth residents and any resulting breach of that data. Those guidelines should be seen as a minimum threshold for what any business should do to protect personal and business data as well as any entrusted funds. Cybercriminals operate a highly sophisticated crime network. If they can breach the government and the big shots of industry, then small/medium-sized businesses are even more vulnerable.
Real estate professionals are especially attractive to the bad guys. Consider that many are owner-operated firms (or franchisees) with minimal IT expertise. There is a dominant use of social media, personal communication devices and the storage of personal and confidential data. Many professionals are also entrusted to hold funds belonging to others in escrow or IOLTA accounts.
The near inevitability of a cyber breach must force one to consider cybercrime insurance. There are more and more products available, which is a good thing. The complexity of the coverage options and the assessment of what one really needs for protection can make obtaining the right insurance plan an intimidating process, but do not let that stop you! To help manage the process, let us start with some basic assessments. Does your business control the funds of others, whether through escrow, IOLTA, other trust accounts, ERISA, check writing duties, etc? If so, your plan should include a “crime” component, including computer fraud, wire fraud and/or social engineering coverages. All businesses (including those that are not responsible for such monetary responsibilities) should consider coverage that includes data breach, ransomware, forensics, data restoration, first and third-party liability, crisis response, employee theft and reputation repair. Many of these items are often not considered when contemplating the cost of a breach but can drive the remediation into the tens or hundreds of thousands of dollars. The better insurance plans also provide preventative information, hotlines and coaching so be sure to ask about those features.
These plans all utilize “insuring agreements”. These are basically subsections of the policy that define the criminal episode (i.e. social engineering, wire fraud, data breach), how coverage might apply and for what amount of coverage. This is the hard part of getting the best coverage for your particular needs. Consulting with an insurance representative versed in the terminology and coverage features crucial to your business, with access to a variety of different policy options, is your best bet to help insure you obtain the most appropriate coverage.
Assuming every business is a target for some type of cybercrime may seem like a doomsday scenario, but to avoid the realistic potential that one’s business will be a target at some point leaves the assets, reputation and viability of that business vulnerable to very unfavorable odds.
Assuming a “when” and not “if” attitude pro-actively provides the best-case scenario for your business and its’ clients.
John Torvi is the vice president of marketing & sales at the Landy Insurance Agency, Needham, Mass.