- No comments
How is a homeowners association comparable to the recent cyber-attacks on Sony? Each association and its board members could fall victim to “Data Breach” and be subject to “Cyber Liability” claims. The good news is that a properly written Cyber Liability and Data Breach insurance policy can help protect both the association and its board members against major losses.
A data breach of confidential association information can occur in many different ways, such as:
- Criminal attacks – Electronic agents, such as viruses, malware, worms, and Trojans; criminal insiders like rogue employees or vendors; theft of data-bearing devices; and phishing (including spear phishing) attacks.
- Data lost or stolen due to third party conduct – This includes protected data in the hands of outsourcers, cloud providers, and business partners.
- Loss or theft – Laptops, backup tapes, USB drives, and smartphones, as well as paper documents may be lost or stolen, which can be a significant risk since the data on these items may not be protected by firewalls or passwords and may not require additional physical controls for access.
EXAMPLES OF POTENTIAL ASSOCIATION-RELATED DATA BREACHES
- A computer malfunction accidentally distributes Association confidential information in a mass e-mail or on printed material, or posts sensitive data on a website.
- An Association employee or board member mistakenly leaves a brief case with a DVD or physical file containing confidential association information on public transportation while traveling home from work.
- An Association’s employee’s laptop or USB flash drive containing sensitive member and board executive session information is stolen.
- A hacker breaks into a vendor’s software program that records the Association’s payments and card transactions at the point of sale.
- A vendor’s employee scans the association’s credit card information and sells the information to a third party for illicit purposes.
WHY IS CYBER LIABILITY COVERAGE IMPORTANT FOR ASSOCIATIONS?
- Traditional liability products may not address data breach exposures.
- There are state and federal requirements that must be met.
- The National Data Breach Market for small business (which includes most associations) is estimated at $1.5 billion.
- Data breach incidents cost U.S. companies $194 per compromised customer record in 2011.
- Associations whose data is not properly protected face expensive direct and indirect costs from cleaning up a data breach, as well as a loss in member confidence that could have long lasting ramifications.
CYBER LIABILITY COVERAGE FOR ASSOCIATIONS EXPLAINED:
There are a wide range of coverage options, limits, deductibles, and premiums for homeowners associations to consider. Directors and managers should make sure that the association’s insurance agent shops the markets and presents offers from several companies. Here is a list of coverage options that associations should look for in any offers which are received:
FIRST PARTY COVERAGES
- Loss of income reimbursement – When the computer is down and cannot collect association fees which are paid online.
- Notification of affected owners, employees, and vendors – This could include the cost of mailings or other means of notification.
- Member credit monitoring – This policy could pay for a year of credit monitoring companies for all of the members affected by a data breach.
- Crisis management and public relations – This covers the cost of hiring a company to get information about the data breach out to the members and to minimize the damage to the association’s reputation. These experts will work towards restoring confidence in the owners and in the community.
- Forensic and legal services – This policy will pay for experts to assist in determining if there was a regulatory breach and will help with compliance.
THIRD PARTY DEFENSE
- This option will provide coverage against third parties (owners, vendors, etc.). It will provide protection for the following:
- Theft or loss
- Unauthorized access or destruction of data
- Regulatory defense
WEIGHING THE RISKS VS. COSTS
Any association which collects personal information or other sensitive data is at risk. For example, if an association collects any of the following information, the additional costs of the insurance coverage should be well worth the additional protection:
- Personal information like social security numbers or street addresses?
- Credit card or billing info for direct payments?
- Financial records?
RISK MANAGEMENT SUPPORT
Most insurance carriers will provide expert assistance on the following:
- How to safeguard information
- Implementing backup systems
- Regulatory compliance
In today’s fast pace, ever-changing, internet world full of electronic data, it is hard to keep up with all of the new ways that an association’s computer system and electronic data can be hacked and result in liability to the association. The good news is that obtaining a cyber-liability insurance policy in advance can help protect the association if and when such a loss occurs.
Meet Scott Litman:
Scott Litman and his agency have been educating property management companies, HOAs, and Board of Directors on the benefits of maintaining proper insurance for over 20 years. Scott attended the University of California, Los Angeles and California State University of Northridge in receiving his undergraduate degree. He also received his Juris Doctor Degree from Southwestern University School of Law.
Scott represents many insurance companies and has earned the “Elite Commercial Agent” status from Farmers Insurance. Scott is also an active member of the Community Association Institute (CAI). Due to years of hard work and dedication to the needs of their clients, the Scott Litman Agency was named one of LA’s “Best in Insurance” for 2013, 2014 & 2015 in Los Angeles Magazine.
Contact him at (818) 879-5980 ext. 201.