CYBER INSURANCE ?
Cyber Insurance Policies are required for all Coldwell Banker Companies. The need to carry Cyber insurance and the availability of Cyber insurance have increased due to the increase in Cybercrime over the last several years. This insurance protects the Company and its Agents and Employees against Cybercrime which has become the crime of choice for many criminals.
Why is Cybercrime the preferred Crime of Choice? Because Cyber criminals can be located anywhere in the world, commit a crime from most anywhere in the world, hide in the dark web, and mask their identity making it difficult for authorities to catch and prosecute them.
E&O Insurance policies do not cover Cyber Crime. Therefore, with the increase in this type of financial crime, it has become important to carry Cyber Insurance.
As an agent, why do I need to be protected against Cybercrime with a Cyber Insurance policy? As previously mentioned, when a client is the subject of a Cybercrime, it is very difficult to capture and prosecute the criminal. However, when a client sues to recover their lost funds, the defense costs are extremely expensive. Without Cyber Insurance, both the Broker and Agent are individually left to defend themselves in a lawsuit.
Equally as difficult as catching the culprit, is for authorities to pinpoint the exact location where the breach of entry occurred that allowed the criminal to enter and commit the crime.
We know that Financial Institutions, Title Companies, Lenders, and Escrow Companies are regulated and require the use of encrypted email when communicating with clients. The Real Estate Brokerage community lacks this requirement at this point in time and therefore may be more vulnerable to a security breach. Nonetheless, proving the criminals point of entry is usually impossible without catching the criminal. This can be likened to proving that a person caught COVID from one specific person. There may be good reason to suspect one person but proving that person gave you COVID is nearly impossible. Although the responsible party that allowed the cyber breach may never be proven, when a lawsuit happens, all parties are named - the wiring bank, the lender, the escrow, the title company, the brokerage, and the agent. Each party must provide and pay for a defense. CBW’s Cyber Policy ensures the company and its agent’s defense costs are covered to the limits of the $1,000,000 policy.
For more coverage information, please refer to the documents from our Insurance Broker entitled ‘Two Types of Cyber Coverage’ and ‘Cyber Coverage 101’.
1st Party Liability description
Breach Response & Remediation
Cyber Business Interruption
Dependent Business Interruption
System Failure
Dependent System Failure
Business Interruption Waiting Period
Ransomware / Cyber Extortion
Coverage for response and remediation costs associated with a breach; This includes legal fees, customer notification, IT/digital forensics, and crisis media relations, among others
Coverage for financial losses due to a cyber event that causes degradation to your computer system; Usually requires a time retention (see Business Interruption Waiting Period)
Coverage for financial losses due to a cyber event when a 3rd party provider experiences a cyber event that causes you disruption; 3rd parties often include cloud providers or other software/services/hosting providers
Coverage for financial losses due to business interruption resulting from an unplanned or unintentional outage, often caused by employee error or power outage
Coverage for financial losses due to business interruption resulting from an unplanned or unintentional outage of a system operated by a 3rd party vendor, often caused by employee error or power outage
Time retention typically applied to cyber business interruption, dependent business interruption, and system failure
Coverage for the costs to respond to a cyber extortion (ransomware) event, including forensics experts to investigate the attack, experienced negotiators, and sometimes ransom payments in virtual currencies
Ransomware Payment Provision
Digital Asset Damage
Cyber Crime
Social Engineering
Client Funds
Invoice Manipulation
Telephone Hacking
Crypto Jacking
Provision for how the policy responds to a ransomware claim; “Pay on behalf” indicates the carrier will tender payments due when a ransom event occurs; “Reimbursement” indicates the insured will pay out of pocket and then seek reimbursement for covered losses
Coverage for costs to rebuild electronic data and other digital assets after a cyber-event, like recovering offsite backups, etc.
Coverage for the theft of funds from a failure in your security, often by a hacker stealing login credentials; This is often referred to as fund transfer fraud and may be covered on a crime policy
Coverage for theft of funds by using deception or impersonation, where a criminal tricks you into parting with your funds; Often ties into a business email compromise
Coverage extension to cover theft of client funds in the insured’s care, custody, or control
Coverage for the release or distribution of a fraudulent invoice or fraudulent payment instruction to a third party as a result of a cyber event
Coverage for costs associated with unauthorized and fraudulent telephone calls
Coverage for costs associated with unauthorized use of the insured’s computer processing power to mine crypto currency
Reputational Harm
Coverage for lost income from an adverse media event due to a cyber event that damages the insured’s reputation
Breach Response (Outside the Limit) Coverage for 1st party breach costs outside of and in addition to the policy aggregate limit
Pollution
BYOD
Coverage that would apply should the insured experience a cyber-event which causes a pollution condition
Coverage for any device used by the company’s employees in the course of normal business operations, no matter who the device belongs to
3rd Party Liability description
Cyber / Privacy Liability
Media Liability
Regulatory Defense & Fines
PCI Fines & Assessments
Contractual Liability
Defense and indemnity for claims against you related to cyber events / data breaches
Defense and Indemnity for claims of libel, slander, copyright infringement, trademark infringement, invasion of privacy, etc.
Defense and indemnity coverage for claims brought by federal, state, local or foreign governing body related to privacy regulations, data breaches, cyber events, and fines and penalties where insurable by law
Coverage for assessments, fines or penalties imposed by banks or credit card companies due to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS)
Defense and indemnity coverage for events that are part of a contractual agreement; Affirmative coverage or a carve back to a breach of contract exclusion
Additional Services description
Cyber Risk Report
Proactive System Monitoring
Pre-claim Assistance
Expert Security Advice
An assessment of the company’s business cyber security often providing a score and actionable security recommendations; Carriers that can provide this usually only need the company’s URL to do an outside-in scan and provide this for all quotes
Ongoing and regular scanning to monitor for security vulnerabilities; If an issues are flagged, carrier will proactively notify the insured and offer assistance to mitigate; Only provided to policy holders
Access to software and services including cyber risk applications, breach response plans, data breach calculators, and other risk management tools to manage cyber risk
Open access to Cybersecurity experts to ask questions about the company’s security; usually access is provided via phone or email
