Cyber Liability Insurance
The Growing Cyber Risk for Residents’ Management Companies – cover from only £120
In 2018, the UK Government estimated that the cost of cybercrime to the UK economy around £27 billion. Due to the frequent media reports of multinational companies falling victim to global cyber-attacks, Property Managers, Residents’ Management Companies (RMC) and RTM Companies could be forgiven for believing themselves unlikely to be the primary targets of such incidents. However, recent studies have shown that UK small businesses (up to 50 employees) suffer over 65,000 attempted cyber-attacks every day, with hackers’ successfully penetrating IT networks on average every 19 seconds. With results such as these, it is clear that anyone is vulnerable to the potentially devastating financial impacts that come with the use of IT. Small businesses and RMC’s are now widely viewed within the Cyber Security industry as the ‘low hanging fruit’ for cyber criminals, chiefly due to their traditionally moderate IT security budgets and reliance upon third-party providers.
It is not only the exponential rise in the frequency and severity of cyber-attacks that is driving demand for Cyber Insurance from Companies across all sectors. Strict new data protection regulations such as the EU GDPR have placed a particular emphasis on any organisation that holds personal information to safeguard data or risk devastating financial repercussions. ‘Sensitive’ information, including banking or health information, has stricter rules than traditional personal information such as names and email addresses and can lead to far more substantial penalties in the event of non-compliance.
Aside from the potential financial penalties for non-compliance (a maximum of the higher of 4% of turnover or EUR 20 million), GDPR places a number of other substantial responsibilities on organisations storing or processing the personal information of their customers and/or employees. Companies are required to notify the UK Information Commissioners Office (ICO) and all affected individuals within 72 hours in the event that the personal information of employees, customers or third-party contractors is breached. The nature of the data breach is of secondary importance, whether resulting from a cyber-attack, the malicious acts of an employee or something as simple as a member of staff leaving a laptop or memory stick containing client information on public transport; the clock to non-compliance starts ticking from the moment the loss of data has been identified. Be it one record stored, or one hundred million, these strict regulations provide a clear incentive for every individual and business owner to consider the potential damage that the mishandling of data can cause.
How could a Cyber Insurance help?
|Cause of Loss
||An RMC employee received an email that appeared to be from one of their regular suppliers, requesting that they ignore their previous email as the attached invoice contained old bank account details. A new invoice was attached with amended bank account details and the employee transferred their annual payment of approximately £29,000 to the new account. The scam was only identified when the original supplier chased for payment at which point the false email address and malicious invoice was identified. Given the time elapsed and the fact the RMC had explicitly requested the account number change to their bank the payment was lost.
||Cyber Covered policies can include cyber-crime cover, meaning that the financial losses incurred due to an unauthorised access to an organisations network, or a ‘social engineering’ style attack, whereby criminals purport to be another individual in order to change their cause of action.
||An error message on all company computer systems stating that access to their network was restricted unless they transferred the equivalent of £2,500 in bitcoin to an untraceable account. The firm was unable to pay suppliers, access client information or conduct normal day-to-day business for 8 hours before they called in outside IT specialists to restore their systems. Thankfully, the business had backed up their server the previous day, meaning the IT specialists were able to restore the network, although this cost the Company another £4,200.
||Cyber Covered policies would have provided instant access to third-party IT specialists to advice on the best course of action in such an event. All costs incurred by the Company for this third-party help would be covered by the policy, including any loss of income that resulted from the network downtime. The cost of the ransom demand itself can also be covered should this be the most cost effective remedy for all parties.
||A new RMC Director or Company Secretary downloaded an attachment from a client’s email, not realising it contained malware. The malware enabled hackers to access the RMC’s IT. The cyber criminals were then able to steal all information relating to residents and third-party supplier contracts used by the RMC, before wiping any record of the data from their IT network. Substantial costs were incurred to try and restore the data and the RMC received claims for damages from a number of individuals for breach of privacy. Legal costs of over £50,000 were incurred in settling such claims and complying with their regulatory requirements.
||Costs incurred restoring lost data, notifying regulators and individual customers of the data breach and all legal costs, including settlements for damages, would be covered within a Cyber Covered policy.
||A Property Manager who stores their customer information ‘on the Cloud’ thought that this would absolve them from their responsibilities under the GDPR. The Cloud service provider suffered a system failure which meant all access to customer records went down. This meant that the firm was unable to pay or manage financial transactions and they were also unable to view any records of payments made during this period of downtime.
||Cyber Covered polices can be extended to include outsourced service providers as if they are part of your own IT network. Therefore, any lost income sustained during this period of downtime, reputational damage suffered (including the cost of employing a PR specialist to mitigate such damage) and any legal and regulatory expenses that could arise from such an incident, would all be covered.
The high volume of sensitive customer information usually stored, processed and held means that cyber insurance should be viewed as an essential tool in your day-to-day operations.
The wide array of contacts, funds that are collected and held and multitude of contractual obligations leaves RMCs particularly exposed to cyber criminals. With so many access points for hackers to enter and potentially cause disruption, identifying risk controls and risk transfer mechanisms should be key to the successful operation of every RMC across the UK.
Traditionally, cyber policies were very expensive to buy, and it was even more difficult to understand what they covered. Our brilliant new cyber product will cover you against all the key risks your business will face online and digitally starting at just £10 a month. Unlike traditional insurance, Cyber Insurance is not just about the coverages you buy; it is equally important for you to have access to third-party experts with the knowledge and experience to get you up and running again in your time of need. A key feature of every Cyber Covered policy is not only the financial recovery for the business, but our also the data emergency service that comes with a Residentsline Cyber Covered policy.
Cyber risk is no longer ‘an IT issue’, it should be viewed as a ‘company issue’, vital to the ongoing profitability and success of every organisation.
- You protect your block of flats with flats insurance.
- You don’t go on holiday without travel insurance.
- You protect your personal possessions with contents insurance.
- You insure your car with motor insurance.
You need to protect your business’ information, customers, clients and all of your online data with a cyber insurance policy you can truly rely on.
Residentsline offers not only award-winning cyber insurance but you also gain access to the tools and training services required to minimise the potential loss of a cyber breach.
To obtain a Cyber Liability Insurance quote simply call Residentsline on 0800 281 235. Alternatively, you can email Sinead Campbell at firstname.lastname@example.org.