Contact us

1300 GOCYBER (1300 462 923)

Call or email us today!

Contact details:

Message:

Your message has been sent successfully. Close this notice.

Cyber Insurance Quote Form

Limit of Liability

Company Details

Do you process, transmit or store more than 10,000 financial transactions per year?

Yes No, less than 10,000

Do you use and keep up to date firewalls and anti-virus protection for all systems?

Yes No

Do you use third parties to complete audits of your system and security on a regular basis?

Yes NO

Are all portable devices password protected? (mobile phones, laptops, tablets, etc)

Yes No

Do you have encryption requirements for all data including portable media?

Yes No

Do you have back-up and recovery procedures for business critical systems, data and info assets?

Yes No

Do you outsource any part of your network, including storage?

Yes, we use third party providers. No, all managed in house

Do you store sensitive information on web servers?

Yes No

Do you know of any loss payments, fines or penalties being made on your behalf?

Yes No

Are you aware of any matter which might give rise to a claim or loss under such insurance?

Yes No

Have you suffered any loss or claim but not limited to a regulatory, governmental or administrative action brought against you, or any investigation or information request concerning any handling of personal info?

Yes No

The applicant or any subsidiaries have any knowledge of any loss payments, fines or penalties being made on behalf of any applicant or any person proposed for coverage any cyber policy or similar insurance?

Yes No
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.

Business Insurance Quote

Contact details:

Sections

Property & Contents

Yes, please quote No, thank you

Public & Products Liability

Yes, please quote No, thank you

Cyber Liability

Yes, please quote No, thank you

Theft & Money

Yes, please quote No, thank you

Computers & electronic equipment

Yes, please quote No, thank you

Business Interruption

Yes, please quote No, thank you

Machinery Breakdown

Yes, please quote No, thank you
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.
4 years ago · by · 0 comments

Cyber Insurance & The Real Estate Industry

real estate

Difficulties Facing the Real Estate Industry

For years the real estate industry has been on the receiving end of regular email fraud, ransomware and other assorted malicious attacks despite the media focusing on retail giants and the government.

According to Deloitte, some real estate industry professionals have underestimated their cyber exposure in comparison to retail, travel, hospitality and financial services industries, insisting their organisations aren’t prime targets. With a strong economy and very high rates of technology adoption among businesses, Australia is a prime target for cyber crime attacks and the real estate industry is a strong target.

Online trade, increased reliance on digital solutions and a lack of security culture are a few of the many variables broadening the attack surface for criminals in the real estate industry.  Here we will take a look at some vulnerabilities facing the residential and commercial real estate industry.

Two great examples taken from the AIG Cyber and Data Security Risks and the Real Estate Industry report:

In December 2012, two people were imprisoned for running a massive identity theft ring in San Diego, California. Much of the personal information is believed to have come from stolen real estate files.

Another real estate specific scam involved rental properties posted online. Cyber criminals copied the digital information from online listings to create their own listing to collect the initial deposit and rent for property they did not own.

Why target a real estate business?

Giving out personally identifiable information such as work experience, date of birth, past rental locations, phone & email address during an application or lease agreement has become part and parcel of renting or buying a property in Australia. As you can imagine, this data is often in a digital format or scanned copies of the physical documents which sit in numerous systems between estate agents & third parties.

  • The content of the data is sensitive and valuable for financial crimes, identity theft and email fraud
  • large amounts of money being regularly sent, received & kept in trust accounts
  • lack of employee training and education towards cyber crime
  • Multiple devices and passwords shared between employees
  • The personal data is not easily reset like credit card information. Birth date, names and addresses are nearly impossible to change after a breach
  • Technology is rapidly introduced to assist with efficiency but little understood
  • Typically rental records are stored for many years and in large volumes due to industry regulations
  • Too many people have system access to tenant records. this includes employees and also third parties

Deloitte has written in detail about a few large vulnerabilities facing commercial real estate organisations in their report, Evolving cyber risk in commercial real estate.

“Consider the November 2013 data breach at Target Corporation. In this instance, the hackers were able to find a route through the company’s HVAC contractor’s systems to steal payment card records and other personal information of nearly 110 million customers. Along with reputational damage, the company reported a gross financial loss of $252 million by the end of 4Q14.5

The incident highlights that the IT systems of CRE owners can act as an entry point for hackers to access tenant data, and that they are becoming an increasingly integral part of a tenant’s supply chain. Interestingly, cyber intrusions through CRE companies can create additional vulnerabilities beyond information theft, such as impact on productivity, life safety, and protection.

Billy Rios, a security researcher with the security firm Cylance, Inc. shared his perspectives in a recent interview “Major financial institutions have told us that if you can vary the temperature by five or six degrees, their computers won’t be able to process transactions at the normal rate,” because heat tends to degrade computer performance.

EY’s recent report, Managing real estate cyber security mentioned further unforeseen commercial risks.

Building management systems, which handle everything from air conditioning to closed circuit television, access control, lighting and door locks, traditionally worked on serial networks and were segregated from conventional IT networks. As these systems have become internet enabled, they are now open to all possible threats that afflict conventional IT systems. The potential for harm is significant. In real estate, the most immediate impact is likely to be felt by the tenant of the building rather than the owner, with loss of sales from collateral impact and loss of clientele. The longer-term impact is then felt by the real estate company as it is forced to compensate its tenants for loss of trading revenues and brand reparation when the true cause of the incident is discovered.

Cyber Insurance Australia Logo

Cyber Insurance Can Help Protect Your Business.

Notable Risks for Real Estate Organisations

A recent SpectorSoft study suggests that 37 percent of data attacks in the real estate sector are perpetrated through insiders. It looks like disgruntled employees are causing a major impact

  • large amounts of Personally Identifiable Information collected, analysed and stored on systems
  • Industry requirements for data collection and retention
  • large amounts of money reguarly moving through the business between many parties
  • Sharing of tenant information with a variety of providers
  • Mobile devices such as tablets and phones gaining much wider use
  • Employee education not up to date
  • Systems typically allow access points for many users including third party vendors
  • A heavy dependency on outsourced service providers

The increased use of digital technologies also exposes information and data through multiple channels. At a corporate level, web-based transactions with tenants and vendors, use of cloud services, the growing use of smartphones and tablets under bring your own device (BYOD) policy, and social media presence create multiple access points for the PII data stored by real estate companies.

At an asset level, the interconnectedness through internet protocol-based networks, HVAC and other industrial control systems, and open Wi-Fi networks increase data vulnerability. Do these asset-level cybersecurity risks solely impact the commercial real estate owners? Not in the least—because intelligent buildings tend to be interlinked with tenant systems, creating exposures to tenants whereby their systems and data can be accessed through the real estate owners’ IT systems.

Further reading, Managing Real Estate CybersecurityIs Cybercrime a Threat to Real Estate Agents?

High Profile Breaches

Police probe real estate cyber attack on Victoria based digital firm — Box+Dice

cyber criminals illegally flooded the Albert Park-based firm’s networks — which handle online operations for about 3000 real estate agents — with millions of phony hits in order to crash the systems, in a technique commonly known as a “denial of service” attack.

Cybercriminals Targeting Real Estate Transactions

Small real estate businesses, agents and their clients are fast becoming the targets of sophisticated cyber scammers. That’s according to panelists at the Risk Management and License Law Forum

Essex Property Trust Inc. Reports Data Breach

Essex President and CEO Michael Schall said in the company’s statement, “Protecting the personal information of our tenants and employees — and maintaining their trust — is of critical importance to Essex. Unfortunately, cyber-criminals are finding new ways to infiltrate data systems every day, leaving companies increasingly vulnerable to these kinds of events.

Attempted theft of $500,000 in cyber-attack on real estate agency

A Perth real estate agent is breathing a sigh of relief after a cyber-attack was thwarted in an attempt to steal $500,000 from a trust account.

Cyber Insurance

Cyber insurance policies currently have a wide variation of cover and exclusions as the risk is still evolving. Some insurance providers are asking for encryption across all portable devices, clearly defined regular backup and recovery procedures or independent audits and penetration testing conducted regularly. Over time we will see a clearer understanding and standard of cover.

Some unforeseen professional risks can arise after a cyber attack as a result of an office grinding to a halt. Ensuring business interruption expenses, extortion and 3rd party costs are covered adequately is a primary policy factor.  The integrity of data and security of the tenant/owner records; and identity theft of customers also being important risks to consider when reviewing your business insurance portfolio.

We recommend that real estate staff understand the cyber risks in their daily tasks and devices used. Continued employee education is fundamental to securing sensitive data, there are a number of companies offering employee training and false threat testing to heighten employee knowledge.

Current vulnerabilities, scams and prevention methods should be regularly circulated for employee knowledge. There are a number of third parties offering employee training and false threat testing to heighten employee knowledge. One email can breach the entire network, as a result we suggest getting employees to subscribe to and follow Cyber Insurance Australia on Linkedin & Facebook for regular updates and information.

Cyber Insurance Australia Logo

Cyber Insurance Can Help Protect Your Business.

Read more

4 years ago · by · 0 comments

Cyber Insurance & Healthcare

hospital- medical reception

Difficulties Facing The Healthcare Industry

Criminal attacks on unsuspecting medical practices, hospitals and other areas of the healthcare industry have been happening for years in a digital format. Would-be criminals don’t need to physically walk into the practice and reach behind the counter for sensitive records. Now, thanks to many improvements in technology the vast majority of personal files are shared and kept in digital archives with little protection.

As the tech world surges forward we are seeing an unprecedented amount of data being collected, shared, analysed and stolen on a daily basis. These recent leaps in technology are creating extra points of entry for criminals and more concerns regarding patient privacy than ever before. Despite major media coverage and brazen high profile breaches on governments and global organisations, there is still an upward trend in the frequency and severity of privacy breaches. Some industry vendor reports are indicating these breaches are more likely to happen in the health care industry than any other.

Cyber Insurance Australia Logo

 

Cyber Insurance Can Help Protect Your Business.

Why Is Healthcare Such A Target?

There are many reasons but some major points which make healthcare a prime target are:

  • The content of the data is sensitive and more valuable. For example, stolen healthcare data has been sold for 10 times that of credit card info
  • Time critical access. Usernames & passwords being simplified and left openly available for all staff to save time
  • The personal data is not easily reset like credit card information. Birth date, names and addresses are nearly impossible to change after a breach
  • Healthcare has adopted technology very rapidly without full understanding of the vulnerabilities
  • Medical device manufacturers failing to adequately secure the devices
  • Typically patient records are stored in large volumes and for many years
  • Too many people have acess to patient records

Unique Risks for Healthcare Organisations

  • Staggering amounts of Personally Identifiable Information and Protected Health Information collected, analysed and stored on systems
  • Sharing of health information with a variety of providers, including specialists
  • Mobile devices such as tablets and phones gaining much wider use
  • Employee education not up to date which leaves the organisation open to human error
  • Systems typically allow access points for hundreds of users including third party vendors
  • A heavy dependency on outsourced service providers
  • Many organisations have a chain of liability from providers, payors, third party administrators, technology or hardware firms, pharmacy benefit managers, outsourced network service providers and data storage firms

High Profile Breaches

Internationally many medical device manufacturers are being questioned over their failure to ensure the security of their products and instead transfer their responsibility to health care organizations. While these new devices can drastically increase efficiency and diagnoses, they are also creating vulnerabilities for the network they are connected to. Employee error remains the number one cause of exposure but device vulnerabilities are also at alarming rates.

26 million patient records at risk after popular GP software flaw

Australia’s biggest data breach sees 1.3 million Red Cross records leaked

How to avoid being the next hospital breach

It’s Insanely Easy to Hack Hospital Equipment

Cyber Insurance

Cyber insurance policies currently have a wide variation of cover and exclusions as the risk is still evolving. Some policies are asking for encryption across all portable devices, clearly defined regular backup and recovery procedures or independent audits and penetration testing conducted regularly. Over time we will see a clearer understanding and standard of cover.

Some unforeseen risks can arise after a cyber attack as a result of an office being forced to return to paper. The integrity of data and security of the health records; and identity theft of patients also being important risks to consider when reviewing insurance policies.

We recommend that medical industry staff understand the coverage they are getting and make sure ransomware and 3rd party costs are covered in their policy.

Overall though maybe the most important preventative measure at the moment is to educate employees. Current vulnerabilities, scams and prevention methods should be regularly circulated for employee knowledge. One email can breach the entire network, as a result we suggest getting employees to subscribe to the MailGuard blog and follow Cyber Insurance Australia on Linkedin & Facebook for regular updates and information.

Cyber Insurance Australia Logo

 

Cyber Insurance Can Help Protect Your Business.

Read more

4 years ago · by · 0 comments

Internet of Things & Business Insurance

IoT

Internet of Things

The Internet of Things revolution has begun and businesses are jumping on board without hesitation, IoT meaning the increasing number of devices which have internet access for one purpose or another. Said to have started in 1991 when a group at the University of Cambridge Computer Labs began using a webcam to monitor the coffee pot levels using their networked camera instead of walking down the hall.

Connectivity in general is also nothing new, we know that the handheld powerhouse in our pockets is constantly sending and receiving data around the world. Recently we tested an anti spyware app called SpyAware which monitors how much data is collected and where it is being sent by other applications. Not surprising, seemingly innocent apps are sending data regularly to hundreds of locations around the world and the same is happening with other new “smart” devices.

Are we haphazardly racing to connect any and all parts of our lives while leaving our private data in the open for the sake of convenience? Absolutely. Watches, children’s toys, televisions, printers, fridges, cars, and just about every appliance in the home or office has seen new versions with network connectivity released. Experts have estimated we have well surpassed the global population with numbers of connected devices with no sign of slowing down.

It is becoming second nature to upgrade to tablets, phones, free customer wifi, smart TV’s and other great technologies. Organisations are taking large steps forward in operational efficiency thanks to the ingenuity of some of these devices but they are also potentially sacrificing staggering amounts of private data to get there.

While we recommend organisations take advantage of the internet of things for marketing, efficiency and business process overhaul. We also strongly recommend understanding the items and their vulnerabilities before adding them to your network.

Insurance

This is an interesting time for insurance providers as the risk for data and identity theft from the staggering abundance of connected devices is unprecedented. Experts have estimated we have well surpassed the global population with numbers of connected devices are are showing no signs of slowing down. Most major insurance providers are proactively researching IoT risks and are trying to pivot accordingly.

Currently many existing business insurance policies will cover basics like theft or accidental damage for items but these policies will not kick in if the device is hacked. Nor will those policies cover data theft or malicious damages caused as a result of the vulnerable device. Cyber insurance policies will round out this area of a risk management report but be sure to understand the policy fine print and the impact of any new devices.  For example, some policies will require encryption to be used across all portable devices or risk having the claim denied.

“Things are moving quickly and the insurance industry is playing a bit of catch-up. We know these technologies exist. We already insure them. But what are the future implications? That’s what we need to get our heads around.” says Noel Condon, CEO of AIG

Steven Raynor, Executive General Manager Transformation at QBE Australia and New Zealand recently said in an interview with Insurance and Risk “Insurers will have the opportunity to model and engage in greater analysis and understanding of customers’ needs, as well as fact-based risk assessments about people’s assets.“This opens up the possibility of a whole new range of products and services, and will enable us to more proactively support customers in the management of their risk rather than simply indemnifying them against risks reactively,”

“Network outages could result in significant business interruptions and lead to large losses for businesses. Again, the importance of robust cyber security cannot be understated,” He adds.

Insurers will be looking at more personalised and in depth insurance packages in the future to better asses and quantify business risks. Understanding which devices are being used, encryption & password use for devices, employee education levels, information security procedures, third party vendors used, security audits and a number of other previously unasked questions.

Cyber Insurance Australia Logo

Cyber Insurance Can Help Protect Your Business.

Here a few examples of media coverage for exploited connected devices.

How the largest Internet of Things hack was executed

Office Equipment

Turning office equipment into bugging devices

Easily hacked hospital equipment

Smart TV’s

How to easily hack your Samsung & LG Smart TV

Spying with Smart TV’s

Toys

Childrens plush toys recording messages between kids and parents leaked

Toy manufacturer Vtech hacked

Fitness accessories

Fitbit hacked from ten feet away

Fitness bands easily hacked to control how it works

Cars

The FBI Warns That Car Hacking Is a Real Risk

Connected car in the second-hand lot? The first owner might still have access. And the second. And so on

 

We suggest discussing your current device vulnerabilities with information security staff, researching online and putting a cyber insurance policy in place as soon as possible.

Cyber Insurance Australia Logo

Cyber Insurance Can Help Protect Your Business.

Read more

Take care of your business

Insurance for
your business future

Call us today for specialist business insurance packages.

Company information

Naga Risk Solutions Pty Ltd T/as Cyber Insurance Australia ABN 59 378 032 992. CAR 1250594

Authorised Representative for National Advisor Services Pty Ltd t/as Community Broker Network (CBN) ABN 60 096 916 184 | AFSL 233750

Financial Services Guide (FSG), Privacy Policy & Complaints & Dispute Handling, Insurance Brokers Code of Practice (FSG)

Contact details

E-mail address:
contact@cyberinsuranceaustralia.com.au

1300 GOCYBER

1300 462 923

Available 8:30am - 5:00pm

PO Box 1677, Milton LPO
Milton
Brisbane, QLD 4064

Join our monthly newsletter for:

Enter your email and stay up to date,

Subscribe to our monthly newsletter!