Cybercrime & Privacy Breach Determining What Insurance Protection Is Best for You

October 16, 2018

Cybercrime & Privacy Breach – Determining What Insurance Protection is Best for You

By this point, most real estate professionals have learned of the numerous hacks, breaches and other data security incidents affecting all businesses, and especially real estate firms. Phishing, spamming, spoofing and social engineering are now common, and scary, words in our vocabulary. Much information exists for business people to learn about computer and data security methods to minimize the chances of an incident, but with even the best protections, the bad guys will still invade tens of thousands of businesses and their data this year. With that in mind, as part of your data security planning, insurance to protect your business in the case of a loss has to be considered. A data breach can result in civil fines, notification and credit monitoring costs, computer forensics and restoration and lawsuits, totaling tens or hundreds of thousands of dollars. A social engineering or spoofing scheme, where escrow or trust funds are stolen, can be devastating.

Once you determine the need for insurance coverage, the next step is to assess what coverage is most appropriate. To start, some clarification on terminology. Many words and phrases are used generically in articles and publications, but increasingly words like privacy breach and cybercrime are taking on legal and insurance contract definitions. With that in mind, a brief and general overview of two types of coverage is warranted:

-Privacy/Data Breach Coverage: This type of coverage may be appropriate for firms not handling or holding other people’s money. Coverage may typically include data restoration, forensics, state-required notification costs, credit monitoring, reputation restoration, Payment Card Industry fines (if your business accepts credit cards), advertising injury, data extortion and first and third party lawsuits. Note that not all policies cover these things. A good policy will extend coverage to electronic and paper data, will cover social media breaches and offer some type of crisis response intervention. This type of policy will not typically cover social engineering and wire fraud schemes. For that, you’ll need:

-Cybercrime Coverage;If your business holds or manages other peoples’ funds, cybercrime coverage is recommended. Social engineering and wire fraud schemes, whether resulting from an international hack or a disgruntled employee, result in the loss of tens or hundreds of thousands of dollars of escrow or trust funds. If considering a purchase, be aware of potential coverage gaps. Make sure the policy specifically covers social engineering and computer fraud, and again, a good policy will cover crisis response and first and third-party liabilities.

Some insurers offer a “build your own’ policy that can incorporate elements from the above examples; others may offer stand-alone options. There is not necessarily an inherent advantage to either approach, it is more important to obtain the full breadth of coverage your business needs, from a sound insurer(s), whether it is one policy or two.

Questions are often asked if an errors and omissions or general liability policy provides this protection. Some policies may offer a small Supplemental coverage for a network breach, commonly $15-$50,000 of protection. These supplemental coverages are limited not only in monetary protection, but also in what is covered. They exist to provide a degree of coverage for initial notification costs or to secure data. They are not meant to replace the broader coverages in breach or cybercrime policies. Insurers have had claims where the claims have been filed under the provision of professional services definition, rather than as a security breach. As E&O policies were never meant to contemplate the newer phenomenon of breach and cybercrime, expect policy language to become more restrictive about applying coverage to data breach and cybercrime, further necessitating the need for proper coverage.

Real estate agents are particularly vulnerable due to the use of social media, personal electronic devices, advertising and data collecting. Based on the ever-increasing likelihood of a computer or data crime, real estate businesses would be wise to add the proper coverage to their professional insurance program.

John Torvi is the Vice President of Marketing & Sales at the Herbert H. Landy Insurance Agency of Needham, MA. John has been in the insurance industry, focusing on the needs of business owners, for almost 25 years. He holds a Bachelors Degree from Providence College and a Masters Degree from Springfield College and is a frequent speaker and contributor to professional journals and conferences for the legal, accounting, real estate and insurance industries.

The Landy Agency is a national leader in providing professional insurance services for attorneys, real estate professionals and accountants. John can be reached at 781-292-5417 or . Or visit for more information.