Recent events within the property sector have brought to light the significance of having a robust plan in place should you fall victim to a cyber-attack.
With the increase of remote working, IT systems have become more vulnerable and cyber-related crimes have been on the rise. Figures from the National Fraud Intelligence Bureau reveal that between January and October 2021, around 24,000 cases of cybercrime have been reported, which amount to reported losses in excess of £11 million. Cases range from incidents of hacking, computer viruses, malware and spyware.
Paul Offley, Compliance Officer at The Guild of Property Professionals, says that the rise in cybercrime and the issues that have happened recently within the sector should be a warning to agents to be hyper-vigilant and ensure they have procedures in place to protect their systems against cybercrime.
Offley explains: “Cybercrime is more prevalent than ever before, and given the fact that agents have a considerable amount of sensitive data they hold, it is vital that all possible precautions are taken to avoid a potential incident. If large corporations are vulnerable to being infiltrated, how much more susceptible are small businesses such as an independent agent, who may possibly have less robust cyber defences. As a result of higher levels of cyber-criminal activity, there has been an increase in the cyber insurance premiums, along with insurers asking for more information and introducing more stringent risk management procedures."
He adds that cyber liability is not typically included under professional indemnity insurance (PI) and should not be relied upon as an alternative to a standalone cyber liability policy covering first and third-party loss. With the growing threat of cyber-attack, a greater reliance on technology, and the type of sensitive information agents hold, agents should consider adding cyber liability to their insurance programme if they don’t already have it.
Offley says: “The majority of businesses will only consider cyber liability after they have experienced an incident, which is obviously too late. Given the high number of cyber-related crimes we have seen in the UK over the past year, it is advisable to rather be proactive and have a comprehensive cyber liability policy in place before an incident occurs. It is a small price to pay for the reassurance of having support when you need it in a worst-case scenario.
“Cyber Liability policies include instant response cover, and it is this section of cover that is so important to help mitigate any further threats. If your systems are paralysed for a week or longer, it is impossible to quantify the financial loss and brand reputational damage to your business.”
He adds that while no one is immune to cyber-attack, it is best to be prepared and reduce risk where possible. Basic controls to help reduce a potential breach include:
Regular password updates on all devices.
Password complexity – use different passwords for different accounts.
Never share passwords.
Two Factor Authentication where appropriate.
Staff training to be aware of phishing emails and the damage they represent. One in every 3,722 emails in the UK is a phishing attempt. Around half of cyber-attacks in the UK involve phishing.
Ensure files are encrypted.
Monitoring of mobile and home working procedures
Never, under any circumstances, should a payment be made to a new bank account without verbal confirmation that the account details are genuine.
Cyber Liability Insurance