What Your Title Agency Needs To Know About Cyber Insurance

If you’re in real estate, you need cyber insurance.

For title agencies, sending and storing sensitive information, usually belonging to other people, is part of the job. Payment records, social security numbers, tax records… you name it. While keeping all of this stuff on your computer makes it easy to access and stay keep organized, it can also get you into trouble if it is lost, stolen, or ends up in the wrong hands. Unfortunately, data breaches and other cyber crimes have become a common trend that can result in major fines and legal fees (not to mention headaches.)

As an agency, you may be liable for damages to third parties and incur notification expenses to the people who were victims of your data breach. So if you want to protect your business against these things, you need to get a cyber liability policy.

What a common cyber liability policy covers

Typical cyber insurance covers your loss from data breaches and other cyber attacks.

There are two types of coverages: first-party and third-party.

• ‍First-party coverage is when your company takes a direct loss. An example of this would be the damage caused to your company server by a hacker.‍
• Third-party coverage is when other people have been affected as a result of your actions. For instance, a client sues you because his personal data was stolen from your company.

While cyber liability policies differ, most of them provide the same types of coverage. Many include more than one type of liability coverage as well. Here are the most common:

The fine details of first-party coverage

1. Electronic data losses
Most policies cover the damage and theft of your online data caused by a virus, hacker, or other cyber attacks. The policy will pay the costs of outside experts to restore and rebuild your data.

2. Financial losses  
Cyber policies cover financial losses and extra expenses that come from an attack on a covered computer system.

3. Cyber extortion
This coverage applies when a hacker invades your computer system and threatens to commit a damaging act. For instance, a hacker may expose confidential data, induce a virus, or shut down your computer system unless you pay them a sum of money. Extortion coverage pays for the expenses incurred responding to an extortion demand, such as the money paid to the extortionist.

4. Notification expenses
Policies may cover the expenses of notifying those who were affected by the data breach, as ordered by government laws and regulations. This may include the cost of hiring an attorney, providing credit monitoring services, and even the cost of setting up a call center.

5. Reputation damage
Most policies will cover the costs of advertising and public relations campaigns needed to preserve your company’s integrity and reputation following a cyber attack. This coverage is also referred to as crisis management.

The fine details of third-party coverage

1. Network security liability
This covers lawsuits that stem from a data breach or customers not being able to access their data on your computer system. This coverage usually applies if the incident happened because of a virus, malware, unauthorized access, or denial of service attack by a hacker or employee.  

2. Network privacy liability
Similar to a network security liability, this will cover the lawsuits and liabilities which state that you failed to protect the sensitive data of customers, clients, and other parties.

3. Electronic media liability
This will protect you against lawsuits for acts of defamation, copyright infringement, invasion of privacy and others. Your policy covers this if your data is published on the Internet.

Here’s what could be missing from your cyber policy

Although most companies offer similar policies, they vary widely in the details of what they cover. Here are some common gaps to watch out for:

Limited cover for social engineering: This is one of the major causes of cyber attacks these days. Social engineering happens when a cybercriminal manipulates a person or business into sending money to a fake bank account. The criminal will try to come across as a high ranking employee and ask for W-2 information. This may not be covered under a normal cyber policy because it technically isn’t considered “hacking.” It’s manipulation of human psychology.

Limited choice of counsel or vendors: Many cyber policies will ask you to pick from a shortlist (sometimes 3 or less) of legal counsel or forensic computer services to investigate your incident. If possible, buy coverage without these restrictions or ask for “pre-approved” vendors.

Limited cover for cloud-related risks: Some policies may cover lawsuits for such an incident but might not include cover for the cost of an investigation or the downtime caused by the cloud provider. If your business is reliant on a cloud service, make sure your policy covers this.

Limited responsibility to insure: Most cyber policies require you to fill out an application questioning your business practices in regards to security and contractual risk transfer. If the policy is placed, this application will usually become a “contract” that requires you to maintain these practices or risk losing coverage. Make sure you answer these questions carefully and keep pace with what you wrote down.

How to pick a policy for your title agency

There are so many things to take into consideration when choosing 3rd party liability insurance that it can be overwhelming. As a title agency, one of the most important coverages you can have is wire fraud protection. To help keep you safe, here are the most important questions you should ask your insurance provider when making a decision.

• How much insurance do I need and how much risk can I afford?
• What puts my policy into action?
• What’s not included in the policy?
• Which type of data is covered?
• How are responses handed?
  
• What costs and services are covered?

And there you have it – a quick review on how you can get cyber insurance without falling into the trap of shady coverage.

If you already have a cyber policy and are unsure about how you're covered, let us help you identify any gaps that CertifID can fill.

‍