Home of the REB Top 100 Agents

Gone (out of business due to) phishing

Promoted by EBM (Cyber Liability)
28 August 2018 | 6 minute read
290818 Cyber security b

Promoted by EBM (Cyber Liability).

Real estate businesses are an increasingly attractive target for cyber criminals. While you can’t insure against being a victim, you can protect your business from an attack’s aftermath.

More and more RE transactions are taking place online, particularly as the 150-year-old Torrens Title System transitions to electronic certificates and e-conveyancing. Add to thatthe introduction of ‘instant’ transfers through the NPP and Real Time Gross Settlement payments,which can see money transfer from bank accounts in a matter of seconds instead of days, and its little wonder cyber threat is growing in the RE sector.

Not only are agents involved in high-value (home deposits, property settlements) and on-going (rental bonds, payments) financial transactions, they also keep lots of private information (including ID and bank account details) that hackers can use to commit all kinds of mischief, like identity theft and payments fraud.With the RE sector in Australia alone worth $16 billion, that’s rich pickings for the unscrupulous.

Business technology news website ZDS has noted an increase in daily cyber threats to real estate agents, with more cybercriminals targeting residential property transactions by hacking into agents’ email accounts and altering bank account details to divert money to fraudulent accounts (as happened in recent high-profile breaches involving PEXA).

High volumes of email traffic in RE businesses also open the door for phishing scams and it is relatively easy for employees to click a link that releases malware into the businesses’ system and wreaks havoc. The agency’s own ‘lead generation’ forms on their websites can open the door to scammers too. The increasing sophistication of social engineering attacks is also cause for alarm, with the trust placed in email communications being exploited. Fraudsters access agency owners’ email accounts and issue false invoices to colleagues urging immediate payment, with money being directed to fraudulent accounts. ‘Brandjacking scams’, also known as email impersonation scams, not only target agency staff, but can be used to trick an agency’s clients into paying fake invoices, transferring finds to fraudulent accounts or giving up their personal details.

More than simply ‘inconvenient’, the fallout for those who fall victim to cyberattack can be huge.

Financial losses can be crippling – Webroot puts the average cost at $1.9 million for Australian SMEs. On top of actual funds being lost to scams and fraud, there are the costs of paying ‘ransoms’ to retrieve data stolen, fines and penalties imposed for breaching privacy laws, fees for forensic investigation and system recovery, and legal expenses in the event of litigation.

Then there are the operational costs. A survey by Norton found downtime (39 per cent) resulting from a cyberattack ranked as the top negative impact of cybercrime, followed by inconvenience (27 per cent) and additional time and expense spent on recovery (25 per cent). According to the Australian Small Business Ombudsman, a quarter of all businesses hit by a cyberattack experience 25 hours or more of downtime.

But there are ‘hidden’ costs too. In particular, the cost to a business’ brand and reputation. RE is extremely competitive and customer expectations are incredibly high, so if your business is out of action for a prolonged length of time or you were responsible for a data breach, then your reputation could suffer a crushing blow as your customers’ and suppliers/partners’ perceptions of your business hit devastating lows and they think twice about doing business with your agency.A global survey compiled by the Harvard Business Reviewrevealed 79 per cent of businesses consider reputational damage as their most significant risk from a cyberattack.

The reality is that most RE businesses do not have the skills or resources to address and recover from a cyberattack on their own. A sobering statistic that RE business owners should consider is that 60 per cent of SMEs go out of business within six months of falling victim to a significant cyber breach.

There is no insurance available that can actually stop your business from falling victim to a cyberattack – prevention is the best defence, but many experts concede that it is more a case of ‘when’ rather than ‘if’ a business will be targeted. However, Cyber Liability insurance can help with the fall out.

Cyber Liability covers vary, but generally are designed to provide protection when there is a breach of your IT systems resulting in loss of your or someone else’s information, and offers coverage for a range of first-party (costs your business would incur) and third-party (claims for compensation by others such as customers and suppliers) losses.

First-partycoverage generally includes:

  • loss of data and the cost of repairing and restoring IT systems and data recovery
  • forensic IT investigation (to identify the source and nature of the attack, and the extent of damage)
  • credit monitoring services (for those affected)
  • cyber extortion costs (e.g. paying a ransom)
  • notification costs to alert affected individuals and comply with the NDB Scheme
  • legal representation/regulatory defence expenses
  • business interruption including reimbursement of lost profits due to a network or system shutdown, and expenses incurred to maintain operation of the business as a result of interruption
  • crisis management and PR to mitigate reputational damage

Third-party coverage generally includes:

  • compensation claims from failing to protect private data
  • litigation expenses/costs of appointing a legal defence team
  • fines and penalties imposed by regulators

Importantly, many Cyber Liability policies not only provide financial assistance to your business, but also access to a cyber incident response team, which often consists of lawyers, forensic specialists, data recovery experts and other specialists such as PR, who provide crisis management expertise and know-how. Some policies also offer cyber security risk assessment and mitigation strategies including employee training and security reviews, meaning they are designed to help you with both preventing breaches in the first place and dealing with them if and when they occur.

It’s important to understand what a Cyber Liability policy does and not cover, so it is a must to work with an insurance broker that understands the risks your RE business might face and the cover options available.Cyber risks may be a relatively new threat to business, but EBM has been helping RE businesses large and small secure the right insurance covers for more than 25 years, so talk to an account manager today about Cyber Liability.

 

Our advice about insurance is provided for your general information and does not take into account your individual needs. You should read the Product Disclosure Statement and Policy Wording prior to making a decision, these can be obtained directly from EBM.

Article supplied by EBM.  
Whether it be business or personal, as one of Australia’s leading privately owned and operated insurance brokers EBM has insurance solutions to suit you.  For more information please visit www.ebm.com.au.

You are not authorised to post comments.

Comments will undergo moderation before they get published.

You need to be a member to post comments. Become a member for free today!
Do you have an industry update?