CertifID's Guide to Cyber Insurance for Title Agencies

With a rapidly evolving cyber threat landscape, real estate professionals are finding that cyber insurance is a must-have. Cyber insurance protects your business in the event of a data breach in which sensitive information, such as Social Security numbers, credit card numbers, or driver’s license numbers are compromised. 

Since real estate transactions involve confidential customer information, it’s essential that you’re protected. Knowing what to consider when shopping for a policy and choosing the correct one can save you a lot of headache in the long run.  

‍

Table of Contents

• ‍What Is cyber Insurance? Why do you need it?‍
• Types of cyber insurance‍
• Limits of cyber insurance‍
• Protect your business with CertifID

What is cyber insurance? Why do you need it?

Real estate businesses create, collect, store, and process data from partners, other real estate professionals, and customers. All of this data, especially wire transfer account information, is highly valuable to cybercriminals. If a data breach occurs, as an agency, you may be liable for damages to third parties and incur expenses. 

Cyber insurance provides coverage in the event of a data breach or cyberattack, helping to cover the losses resulting from events such as:

• Viruses or malware introduced into your network environment
• Hacking or theft of data
• Denial of service that impacts the provision of your business services
• Ransomware

Types of cyber insurance

There are two main categories of coverage: first-party and third-party. First-party coverage applies when your company takes a direct loss, such as damages caused to your server by a hacker.

Third-party coverage applies when other people have been affected as a result of your actions. For instance, a client sues you because their personal information was stolen from your company.

First-Party Coverage

There are five areas that first-party insurance usually covers: 

Electronic data losses: covers the damage and theft of your online data caused by a virus, hacker, or other cyber attacks and pays the costs of outside experts to restore and rebuild your data.

Financial losses: covers financial losses and extra expenses that come from an attack on a covered computer system.

Cyber extortion: pays for the expenses incurred by an extortion demand, such as when a hacker invades your computer system and threatens to expose confidential data; induces a virus; or shuts down your computer system unless you pay a sum of money. 

Notification expenses: covers expenses incurred when notifying customers and any other parties affected by the data breach, as ordered by government laws and regulations, including hiring an attorney, providing credit monitoring services, and setting up a call center.

Reputation damage: covers the costs of advertising and public relations campaigns needed to preserve your company’s integrity and reputation following a cyber attack. 

Third-Party Coverage

There are three areas of liability coverage that fall under third-party insurance:

Network security liability: covers lawsuits and costs associated with data breaches, and it usually applies if the incident happened because of a virus, malware, unauthorized access, or denial of service attack.  

Network privacy liability: covers lawsuits and liabilities stating that you failed to protect the sensitive data of customers, clients, and other parties.

Electronic media liability: protects against lawsuits for acts of defamation, copyright infringement, invasion of privacy and others. Your policy provides this coverage if your data is published on the Internet.

Considerations when buying cyber insurance

A few considerations to keep in mind when looking into cyber insurance are:  

• Cyber risks are constantly evolving, so insurance policies must be reviewed regularly. You should work with an insurance provider to stay informed about the latest cyber threats and determine if your coverage includes relevant risks.
• Coverage comes with specific requirements that your business must meet. Many cyber insurance providers and their underwriters require your business to meet basic cybersecurity requirements to secure coverage. 
• Businesses must pay premiums on their cyber insurance policies. Over the last several years as cyber incidents have become more prevalent, premiums have steadily increased as coverage has become more narrowly defined.

Limits of Cyber Insurance

Although cyber insurance has become a necessity for businesses operating in the digital space, there are some limitations, first being that coverage levels and costs are still not standardized. This makes it even more important to know the details of what your cyber insurance covers and to be aware that it’s your responsibility to maintain it.

Most cyber insurance provides limited coverage or control over:

Social engineering

Social engineering happens when a cybercriminal manipulates a person into sending money to a fake bank account. The criminal impersonates a high ranking employee and asks for W-2 information. This may not be covered under a normal cyber policy because it technically isn’t considered “hacking” but rather manipulation.

Choice of counsel or vendors

Many cyber policies will ask you to pick from a shortlist (sometimes 3 or fewer) of legal counsel or forensic computer services to investigate your incident. If possible, buy coverage without these restrictions or ask for “pre-approved” vendors.

Cloud-related risks

Some policies may cover lawsuits for cloud-related incidents but might not cover the cost of an investigation or business interruption caused by the cloud provider. If your business is reliant on a cloud-based service, make sure you have adequate coverage.

Responsibility to insure

Most policies require you to fill out an application about your cyber security practices and contractual risk transfer. If the policy is placed, this application becomes a contract that requires you to maintain these practices or risk losing coverage. Make sure you answer these questions carefully and continue the practices that you wrote down.

Choosing the right cyber insurance and understanding the benefits and limitations can prevent unfortunate cyber events from happening to you or your company. It leaves you better protected, and you can sleep better at night knowing that your customers’ personal data is safe.  

Protect your business with CertifID 

When it comes to protecting your title agency, your organization should not just have the necessary cybersecurity controls in place but also the protection that comes with CertifID. Our platform provides an end-to-end encrypted mechanism to securely collect wire transfer data, protecting your customers and your company from the growing risk of wire fraud. CertifID’s customers are also backed by up to $1 million in wire fraud coverage per transaction, mitigating the limits of cyber insurance policies.

Want to learn more about how to protect your title agency against the cyberthreats of tomorrow and have the right coverage there when you need it? Refer to our cyber insurance renewal guide for 2024.

‍