A Comprehensive Guide for Real Estate Firms
Table of Contents
What is Cyber Liability Insurance?
Cyber insurance is designed to help protect businesses from online risks and other digital security threats. It is a relatively new form of insurance that has emerged in response to the growing number of cyber attacks and data breaches that have occurred in recent years.
While some cyber liability coverages might be provided as add-ons or endorsements on general liability or professional liability (or E&O) insurance policies, stand-alone cyber insurance policies are quickly become standard.
Why do Real Estate Brokers Need Cyber Insurance?
Many small business owners, including real estate broker/owners, commonly believe that cyber criminals only target large national or international companies.
While it is true household brands end up in the news regularly because of data breaches or cyber attacks, small businesses are one of the favorite targets of bad-actors in the cyber space! They typically have less robust security, and real estate is a particularly lucrative industry to cyber criminals.
What Does Cyber Insurance Cover?
Cyber insurance is generally divided into two categories: first party and third party losses. Let’s explain these terms along with some common claim examples from each type of claim.
1st Party Cyber Coverages
1st party coverage is designed to protect the policyholder (the first party) directly from losses that result from a cyber incident. This type of coverage is often referred to as “direct” coverage.
Examples of 1st party coverage include:
Business interruption: covers lost income and extra expenses incurred due to a cyber event that disrupts business operations.
Data breach response: covers the costs of responding to a data breach, including notification, credit monitoring, and forensic investigation expenses.
Cyber extortion: covers the costs associated with a ransomware or other cyber extortion event, including the cost of the ransom payment and expenses related to negotiating with the cybercriminal.
3rd Party Cyber Coverages
3rd party coverage is designed to protect the policyholder (the first party) from liability arising from a cyber incident that results in harm to a third party. This type of coverage is often referred to as “indirect” coverage.
Examples of 3rd party coverage include:
Network security and privacy liability: covers damages and defense costs associated with claims by third parties for a breach of their data or a failure to secure their data.
Media liability: covers damages and defense costs associated with claims of libel, slander, copyright infringement, or other media-related liability arising from content published by the policyholder online.
How Much Does Cyber Insurance Cost?
Because cyber insurance is a somewhat new coverage with an increasing number of large claims, cyber insurance rates have changed over the past few years. That’s why we devoted an entire blog to the price of cyber insurance for real estate firms. Here’s a summary:
Currently, for a real estate firm with about $1 million in revenue, it is safe to say cyber insurance will probably cost $1,000 – $2,700 annually.
Real estate firms with $5 million in annual GCI might be pay anywhere from $2k-6k, and firms with $20 million in revenue can probably budget anywhere between $4k-$10k for cyber.
As cyber claims are regularly six-figures, a tenth of a percent of revenue for $1 million in cyber coverage might be the difference between your business surviving a cyber attack and failing.
The price insurance depends on a number of factors such as your industry (of course, we’re writing this for real estate brokerages), revenue, previous claims history, and your firm’s current risk management practices.
For example, if you firm has implemented multi-factor authentication (MFA) on all emails, you will likely see a lower rate. As we will see later on, this is one reason why accurate cyber insurance applications are so important.
Cyber Coverages Many Real Estate Brokers are Missing
Cyber insurance, unlike other types of standard insurance, is not yet standardized. Policies differ dramatically in terms of what coverages they provide. Let’s look at a few areas where real estate brokers might be missing critical coverages in their cyber policy.
Reimbursement vs. Pay on Behalf of
Reimbursement and payment on behalf of are two different ways in which a cyber insurance policy can cover the costs of a cyber claim.
For example, if a real estate agent or broker has cyber insurance that covers ransomware attacks, they may be able to file a claim to cover the costs associated with the attack. The insurance company may either reimburse the policyholder for the costs incurred or pay the costs on behalf of the policyholder.
Reimbursement means that the policyholder pays the costs upfront and then submits a claim to the insurance company for reimbursement. The insurance company will review the claim and, if approved, will reimburse the policyholder for the costs that are covered under the policy.
On the other hand, payment on behalf of means that the insurance company pays the costs directly to the service providers, such as the forensic investigator, data recovery specialist, or ransomware negotiator.
While this might seem like a trivial difference, most real estate brokers do not have the cash (let alone cryptocurrency) on hand to pay an expensive ransom. Also keep in mind, it could be criminal to pay these criminal organizations in some cases. So real estate brokers are much better off letting an experienced cyber insurance company handle any necessary payments.
Independent Contractors Endorsement
This is a small but important addition to your real estate insurance policy. Most real estate agents are independent contractors.
However, not all cyber insurance policies include “independent contractors” in the definition of the insured. An insurance broker experienced in real estate cyber insurance will know to add an independent contractors endorsement if the cyber policy does not automatically include “independent contractors” in the policy’s definition of “insured.”
Top Cyber Claims for Real Estate Firms
3rd Party Wire Fraud (Funds Transfer Liability)
One of the most common claims real estate brokers face is third-party wire fraud (aka funds transfer liability).
This usually occurs when a real estate agent clicks on a spoofed email and their email is breached. Once the hacker gains access to the email account, they monitor the email communications between the parties and wait for an opportunity to insert themselves into the conversation. When the time is right, the hacker will send an email to the client that appears to come from one of the parties involved in the real estate transition instructing a client to wire funds to a specific account.
Real estate E&O policies typically do not cover third-party wire fraud. A few E and O policies cover situations when a real estate agent negligently forwards fraudulent wiring instructions, but typically these claims originated from the breach of the real estate agents email.
Keep in mind that not all cyber insurance policies cover third party wire fraud. Those that do might only cover it up to a designated “sublimit,” which is quite commonly $250,000.
Does My E&O Cover Cyber?
Real estate E&O (Errors and Omissions) insurance policies typically do not provide comprehensive coverage for cyber-related risks. Many real estate E&O policies may include some level of protection for certain cyber risks often in the form of an endorsement, add-on, or rider. It may cover data breaches or identity theft, but E&O is primarily designed to cover liability arising from errors, omissions, or negligence related to real estate services.
The limits are likely low (you will commonly see $25-50k limits), and the coverages are typically more narrow.
If you are concerned about cyber risks, such as wire fraud, ransomware attacks, or other types of cyber threats (and you should be), a separate, stand-alone cyber insurance policy is mostly likely your best option.
What is a Cyber Risk Assessment?
A cyber risk assessment is an evaluation of an organization’s cyber risk exposure and potential vulnerabilities.
A good assessment will identify potential vulnerabilities and threats, evaluate current security measures, and help you or an IT professional develop a plan to mitigate risks.
The assessment typically includes a review of an organization’s network architecture, software and hardware configurations, and employee security practices.
By conducting a cyber risk assessment, organizations can gain a better understanding of their cybersecurity risks and develop a plan to prevent or mitigate potential cyber attacks.
Cyber Insurance Applications for Real Estate Brokers
There are several different ways you can apply for and purchase cyber liability insurance for your real estate firm.
Our team is comprised of independent insurance agents, which means we work with and have contracts with most of the insurance companies & insurance brokers that write real estate cyber insurance.
An independent insurance agent/agency can go to the market and gather multiple options from multiple companies from one simple application.
At FirmSecured, our client use a form that allows us to go the leading cyber insurance companies for real estate firms to gather multiple options.
If you aren’t into digital forms, we also have companies that can work from a simple PDF application. Fill out our quick “request a quote” form and we’ll be in touch.
Generally, cyber insurance applications will ask questions about your revenue, description of operations, cyber claims history, and will likely have specific questions about your real estate firm’s current cybersecurity measures.