
Why Cyber Security & Insurance is a Must-Have for Community Associations


Community associations, including condo associations and HOAs, may not realize the extent of their vulnerability when it comes to cyber crime. Just as with any other small to mid-sized business (SMB), associations can be the target of malware infections and other cyber threats. In fact, SMBs suffer 58% of malware infections, according to a recent report released by Verizon. Furthermore, not only are small businesses being hit by hackers, but the attacks are also costing them a lot of hard-earned cash. In 2017, average malware-related costs for small and medium-sized businesses included $1,027,053 due to damage or theft of IT assets, and $1,207,965 due to disruption to normal business operations.

One of the reasons SMBs are so vulnerable is that they simply don’t have the same resources large corporations do for cyber defense, yet they do possess the valuable data cyber criminals seek. Community associations in particular keep valuable data on their computer systems, including homeowners’ or condo owners’ bank accounts and routing numbers, credit card numbers, Social Security numbers and email addresses. Cyber criminals with this data in their hands can steal identities as well as funds.

How do hackers gain access to small business networks in the first place? The number-one tactic is via email, or, more specifically, email attachments. According to Symantec’s 2018 Internet Security Threat Report, 88% of malicious emails use malware-laden attachments to ensnare their victims.

There are also other ways data gets into the wrong hands, including:

  • A computer malfunction that inadvertently distributes a community association’s confidential information in a mass email or on printed material, or posts sensitive data on a website.
  • A cyber criminal who hacks the association’s computer system and gains access to the association’s bank accounts.
  • An association employee’s or board member’s iPhone, laptop or USB flash drive containing sensitive member and board executive session information is stolen.
  • A hacker breaks into a vendor’s software program that records the association’s payments and card transactions at the point of sale.
  • A vendor’s employee scans the association’s credit card information and sells the information to a third party for illicit purposes.

Board Members Can Be Liable

Community associations and board members can land themselves in hot water and find themselves liable if a cyber attack occurs. In addition to the loss to the association if funds are stolen, there may be compensation to owners if thieves steal their funds or personal information. There is also the expense to defend a potential lawsuit and resulting reputational damage to the association. Penalties may also be assessed if the targeted association failed to comply with state data-protection statutes. These statutes vary, which is why it’s important for an association to understand its obligations under the law.

The Importance of Cyber Security

To help mitigate risk, it’s important for the association to have a cyber security policy in place. Putting one in place includes the following steps:

  • Review governing documents and local laws. These official documents will set up a foundation for adding a new cyber security policy.  
  • Determine which individuals will handle the data and which individuals will ultimately manage cyber security. Keep close tabs on who gets access to sensitive data and who gets administrative privileges.
  • Outline a plan of action if security breaches or criminal hacking occur.
  • Set up a list of rules for using association mobile devices or computers to ensure that unauthorized people will not be able to access confidential information.
  • Establish a data breach plan. To prepare for a potential data breach, there are several resources from trusted authorities like the Federal Trade Commission (FTC). The Online Trust Alliance has an online guide about data breach preparation and the FTC offers resources that explain the process of securing association data and protecting customer data.
  • Provide board members with a set of guidelines. These cyber security principles can help community associations better understand new policies and see how to respond to potential cyber attacks and data breaches. They are key to bringing everyone onto the same page regarding cyber security policies and procedures.
  • Teach residents about cyber security. Educating residents about cyber security should be a priority for the association. This can be done via the community’s newsletter, emails or letters directly to residents, along with tips posted on the community website.
  • Ensure that the association software is secure, with features that defend against malware and protect sensitive and confidential information.  This includes creating strong passwords, updating software regularly, investing in an anti-virus solution, encrypting all data, and ensuring regular back-ups are being made, among other measures. Make sure the management company will not be sharing the association’s private data with third parties or storing data on servers that are shared with other businesses or clients of the data host.

Secure Cyber Liability Insurance

In addition to having a cyber security plan in place to help mitigate the risk of a breach, it’s also critical for an association to carry Cyber insurance. Note that General Liability insurance does not cover the impact of a data breach on the association. A Cyber policy includes first-party and third-party coverages. First-party coverage is for losses and damage to the business, while third-party coverage is for losses that an outside entity incurs due to a cyber event. A policy can be designed to pay for first-party expenses that include:

  • Legal and forensic services to determine whether a breach occurred and assist with regulatory compliance if a breach is verified
  • The costs involved to notify affected customers (homeowners, condo owners) and employees
  • Customer credit monitoring
  • Regulatory defense & penalties – coverage for defense costs and fines or penalties for violations of privacy regulations
  • Crisis management and public relations to educate customers about the breach and rebuild a company’s reputation
  • Business interruption expenses as a result of the breach
  • Cyber extortion reimbursement for perils including credible threats to introduce malicious code; pharm and phish customer systems; or corrupt, damage, or destroy your computer system

A Cyber policy can also be designed to pay for the following third-party expenses:

  • Judgments, civil awards, or settlements a client is legally obligated to pay after a data breach
  • Electronic media liability, including infringement of copyright, domain name, trade name, service mark, or slogan on an intranet or Internet site

Policies, including the scope of coverage, terms, sub-limits, deductibles and other important factors, vary from one carrier to the next and it’s important to work with an experienced insurance professional in designing a Cyber insurance solution that meets the needs of the association.
