Experts are urging real estate agents to consider safeguarding their business from the risk of cybercrime after multiple attacks hit the industry in recent months.
Fresh from the infamous high-profile attacks that exposed the personal data of millions of Australians in September and October, cybercriminals hit the property market, with Harcourts and LJ Hooker experiencing their own data breaches to round out the year.
With cybercrime costing small businesses $39,000 and given the increasing number of ways cybercriminals can hack into networks, small business insurance expert Jane Mason says prevention may not be enough to keep businesses safe.
“Small business owners may think they are protected from an attack, but then again, so did Optus and Medibank,” says Mason. “Small real estate businesses are increasingly becoming targets, and despite their best efforts, they may be left to deal with the consequences if an attack does occur.”
Jane Mason, Head of Product, Channels and Risk at BizCover
What data is at risk?
The real estate industry is no stranger to the threat of cybercrime.
Deloitte’s 2018 paper Cyber in Real Estate unveiled the dangers of the real estate industry being transformed by technology, and the sector has featured among numerous cyber scams since.
But in response to the focus on cyber-attacks in an October SBS article, digital rights activists urged real estate businesses to collect less data from clients.
Sure enough, Harcourts announced a week later that the personal information of tenants, landlords, and tradespeople were potentially exposed after an “unknown third party” accessed its rental database.
This was followed by the hit on LJ Hooker in December when a ransomware gang claimed to have taken credit card details, passport data, and loan information.
And while some of the digital rights activists’ concerns within the article were vindicated, others remain yet to happen.
From credit card scams to identity theft, the Digital Rights Watch spokesperson said to SBS it could even “threaten the safety of people”.
What are the risks to real estate businesses?
The total impact of a cyber attack on a small real estate business could be hard to quantify.
Not only would businesses need to deal with the cost of recovering the data and investigating the attack, but they would likely need to account for business interruption costs and the expense of bolstering their cyber defenses.
Then there is the cost of dealing with the PR fallout and the potential of being liable for fines and legal fees associated with the victims of the attack.
To put a number to a couple of recent attacks, Medibank said the hack would likely cost at least $25 million, while the Optus hack is said to cost $140 million.
The government is also investigating changing regulations in the aftermath of these incidents, according to legal experts, including increasing the fines for privacy breaches (currently capped at $2 million) and tightening cyber security requirements for businesses.
“Given that the real estate industry collects and stores vast amounts of sensitive information, the onus is on small business owners to protect themselves from costly and reputationally damaging data breaches,” says Mason.
What safeguards can be put in place?
Fortunately, there is plenty small business owners can do to prevent a cyber breach. The Real Estate Institute of Australia (REIA) has released a series of recommendations for real estate businesses to adopt in an effort to prevent cybercrime in the industry.
But while REIA has committed to embracing cyber security best practice, it also found 60% of respondents in a recent survey don’t have a cyber response plan.
“Small businesses often don’t have the financial clout or time needed to protect their business from the threat of cybercrime and will likely need to consider having a financial safeguard in place if things go wrong,” says Mason.
Cyber Liability Insurance* is one such safeguard designed to help protect small business owners from claims and support them in the event of a cyber breach or attack. Costs associated with defending a cyber claim are also covered.
Policies generally include cover for costs relating to the following:
- Data breaches, including theft or loss of client information
- Network security breaches
- Business interruption costs
- Forensic investigation into the cause or scope of a breach
- Data recovery costs
- Cyber extortion
- Crisis management costs (to protect or mitigate damage to your businesses reputation resulting from a cyber event)
- Loss and legal costs, including fines and penalties resulting from a third party claim for data or network security breach against your company
“While risk mitigation is important, sometimes things can slip through,” says Mason.
“Ensure your real estate business is covered against the expense and legal costs associated with data breaches before your data is going once, going twice, sold… to malicious third parties.”
Visit https://www.bizcover.com.au/ to compare quotes or give us a call today – no dramas!