Almost daily the media is reporting on another data/security breach, and today’s cyber criminals are becoming increasingly sophisticated while the technology needed to combat them lags behind.
To date, more than $75.5 million has been spent on cyber claims losses, according to the most recent Cyber Claims Study published by NetDiligence, a cyber risk assessment and data breach services company. The study noted personally identifiable information was the most frequently exposed data at 94 percent, followed by payment card information at 27 percent.
Analysts predict that cyber risk protection will be the top growing type of insurance for commercial real estate owners and operators. Without coverage, any business using a point of sale (POS) system or that stores data is at risk, especially those that store consumer data that can be used for criminal gain such as credit card information. This puts property managers of retail and apartment properties and retail tenants in a direct line of vulnerability for cyber criminals.
Cyber criminals seek out information like rental applications, credit reports, leases and rental agreements, which contain personal information of applicants and tenants. Companies are required to dispose of these materials under the Fair and Accurate Credit Transactions Act federal law enacted in 2003, which includes information held on hard drives or personal data systems. Companies can protect themselves by purchasing software that automatically clears a hard drive and won’t allow for information to be restored.
By investing in cyber insurance, companies cover themselves from potential lawsuits stemming from stolen information and the costs. For example, when Target’s data breach occurred, account details of more than 40 million credit and debit cards were exposed. The data breach has cost the big box retailer more than $250 million, as Target only had $100 million in coverage, leaving the company very exposed. The biggest issue is that it’s now very traceable to figure out where the information was stolen from, so companies that use a POS system don’t have plausible deniability and will be held liable.
Most real estate companies don’t have the financial means to survive a data/security breach and should discuss with their insurance advisor what kind of coverage makes sense, which can vary depending on their business and level of exposure.
Michael Shadeed is a Director for Franklin Street’s insurance services division. Based out of the company’s Atlanta office, Shadeed specializes in all product types within the real estate industry including apartments, office, industrial, retail and hotels.