The process of selling and purchasing real estate can be arduous enough.  Think about all of the highly sensitive and personal data that gets revealed and transferred – financial statements, tax returns, Social Security numbers, and more.

Then think of the bonanza a cyber criminal would reap from tapping into that cornucopia of information.  Cyber insurance quickly becomes a vital component of the real estate business’ arsenal.According to insurance industry sources, cyber liability insurance helps real estate agents, commercial landlords, and other real estate professionals pay for expenses associated with data breaches.  If a cybersecurity breach would occur, a cyber liability policy could provide coverage for:

• Notifying clients or customers about the breach.
• Good-faith advertising or public relations campaigns to restore reputation.
• Credit monitoring services for affected clients.
• Cyber extortion demands.
• Attorney’s fees.
• Court costs.
• Settlements or judgments.

Real estate businesses regularly handle sensitive customer data and perform sizeable transactions.  Should any of this electronically transmitted data get stolen or otherwise compromised, customers are immediately placed at risk of theft – including identity theft – and could file suit against the real estate business.There is absolutely no reason to remain open to such exposure.  Contact the team of professionals at The Reschini Group for information on how we can fashion a cyber liability package for your organization.

The Software Engineering Institute (SEI) at Carnegie Mellon University defines insider cyber threats as “the potential for an individual who has or had authorized access to an organization’s assets to use that access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.”

As such, a team from SEI recently issued the sixth edition of its Common Sense Guide to Mitigating Insider Threats, where it lists the following 21 recommendations for businesses to deploy:

• Know and protect your critical assets.
• Develop a formalized insider threat program.
• Clearly document and consistently enforce policies and controls.
• Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
• Anticipate and manage negative issues in the work environment.
• Consider threats from insiders and business partners in enterprise-wide risk assessments.
• Be especially vigilant regarding social media.
• Structure management and tasks to minimize insider stress and mistakes.
• Incorporate malicious insider threat awareness into periodic security training for all employees.
• Implement strict password and account management policies and practices.
• Institute strict access controls and monitoring policies on privileged users.
• Deploy solutions for monitoring employee actions and correlating information from multiple data sources.
• Monitor and control remote access from all end points, including mobile devices.
• Establish a baseline of normal behavior for both networks and employees.
• Enforce separation of duties and least privilege.
• Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
• Institutionalize system change controls.
• Implement secure backup and recovery processes.
• Close the doors to unauthorized data exfiltration.
• Develop a comprehensive employee termination procedure.
• Adopt positive incentives to align the workforce with the organization.

Many of these guidelines appear to be just common sense business practices, but establishing them firmly, communicating them clearly, and enforcing them consistently makes the difference.  Insuring against internal cyber threats carries its own set of parameters and requirements, as well.The professionals at The Reschini Group can help your organization protect your organization against losses from internal cyber fraud.  Contact us to talk more about this important consideration.* https://resources.sei.cmu.edu/asset_files/TechnicalReport/2019_005_001_540647.pdf

 Periodically, The Reschini Group will focus on a particular topic related to Risk Management or Property and Casualty issues. This month, we focus on Cybersecurity. Read on, and be sure to check out the resources available through the links.

Worth the Investment: Defining Cybersecurity Insurance

Insurance coverage is meant to protect one’s assets in the event of theft, damage, or disruption.  When your online information gets hacked, all three factors come into play.  So why not carry insurance to protect yourself from this potential disaster?

Cybersecurity insurance does just that.  The U.S. Department of Homeland Security defines it as follows:“Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection. Many companies forego available policies, however, citing as rationales the perceived high cost of those policies, confusion about what they cover, and uncertainty that their organizations will suffer a cyber attack. In recent years, the Department of Homeland Security National Protection and Programs Directorate (NPPD) has engaged key stakeholders to address this emerging cyber risk area.”The 2017 Cost of Data Breach Study, conducted by the Identity Theft Resource Center, has stated that:

• The overall cost per data breach worldwide decreased from $4 million to $3.62 million over the past year, but those same costs increased in the U.S. by 5 percent, to $7.35 million per data breach.
• Having an incident response team reduced the cost of a data breach by nearly $1 million.
• Health care is the most costly industry for data breaches, costing organizations $380 per compromised record.

Having a cybersecurity protocol, backed by the proper level of insurance coverage, is not only smart business – it could keep your business from disappearing altogether.  The National Cybersecurity Alliance reported that nearly 60 percent of small businesses victimized by cyber attack closed permanently within six months.  Putting the right protection in place is not difficult, and can be achieved more cost-effectively than might be assumed.Fitch Ratings said that cybersecurity insurance policies in the U.S. have risen by 35 percent, reflecting a growing awareness and appreciation of the risks and how to reduce them.  The cybersecurity insurance specialists at The Reschini Group can work with you to help safeguard your organization in the same way.

More About Cybersecurity

Read The Reschini Blog: Protecting Yourself from Online Data Breaches

Read The Reschini Blog: Guiding Parameters for Preparedness in Cybersecurity

Get: Cyber Risk Exposure scorecard

Get: Cybersecurity for Small Business

Get: Cybersecurity for Healthcare Organizations

Protecting Yourself From Online Data Breaches

By The Reschini Group

Attacks can come from unexpected directions. A right-handed football quarterback, for instance, had better hope that the left side of his offensive line can block the onrushing defense; otherwise he’s sure to be hit on his blind side.

The same rules apply when it comes to managing the risk regarding online data breaches. Most businesses realize this and have taken some steps to prevent damage, but there’s always a new “blind side” coming around the bend.Managing the data breach risk posed by cyberattack only promises to become more difficult and challenging, as rapid and unending changes – that can make conducting business more efficient in many ways – can also open fresh doors for those with malicious intent. What’s worse, a cybersecurity breach could result from simply misplacing a laptop or smartphone containing sensitive data.In a dramatic example of the need for diligence in HIPAA data protection policies, a provider of diagnostic imaging services discovered that one of its folders containing patient information was accessible to the public via the Internet. As a result, more than 300,000 patients’ billing information may have been exposed for months before the provider realized its error and removed the folder from public view.The oil and gas industry faces potential exposure to data breach risks, in one example, from subcontractor personnel working onsite, with the possibility of sensitive information on customers and financial data being accessed and shared. Yet the unwanted release of private information – while damaging enough – may not represent the worst part of a data breach. That comes with the cost to repair the damage after a breach has occurred, in most cases.Addressing cyberattacks varies by state, but in Pennsylvania, every data breach requires notification of every individual potentially affected, representing enormous costs in communication, credit repair, and image restoration. According to the 2015 Cost of Data Breach study*, conducted by IBM, the average recovery cost per lost or stolen record ranged between $145 and $154. The same study found the average consolidated total cost of a data breach is $3.8 million, a 23% increase since 2013.Let the experts at The Reschini Group help to ensure that all of your cyber flanks are covered properly. Don’t take an unnecessary and expensive hit from the blind side.Copyright 2016 The Reschini Group* http://www-03.ibm.com/security/data-breach/The Reschini Group provides these updates for information only. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.