Christopher Rieser, profile picture
Uploaded byChristopher Rieser
336 views

Cyber Liability Risk

Cyber liability insurance provides protection against the risks associated with data breaches and loss of personally identifiable information. As property owners and managers collect large amounts of private data on residents, employees, and applicants, the costs of a cyber attack or data breach can be substantial. Cyber liability policies cover expenses like notification of affected individuals, credit monitoring, lawsuits, investigations, and loss of business resulting from attacks. While prevention is important through security measures and policies, the growing threat of cyber crime means companies should evaluate cyber liability insurance as part of their risk management strategy.

Embed presentation

Download to read offline
www.multi-housingnews.com August 2013 Capital Stack A Variety of Capital is Available for Acquisition & Rehab Financing The Pacific Northwest: Record Revenue Growth Are You Fully Protected Against Cyber Liability? Construction Methods for Extreme Weather
technology Cyber Liability Understanding the risk and defending against it By Kevin D. Smith, CPCU, ARM, The Graham Company A mong the many risks that property owners must manage is the risk of cyber liability. Years ago, privacy of residents’ personally identifiable data was confined to filing cabinets and office computers, but now this data exists electronically in the cloud, on laptops, smartphones or tablet devices often in addition to the paper files. Access points are everywhere, and the information can be easily transmitted. What’s more concerning is that cyber criminals are on the lookout for this data, and they are becoming more sophisticated every day. If that is not enough to worry about, state and federal regulations are being enacted that require a duty of care for this data, and complying can be difficult. Cyber liability insurance is relatively new and has become the fastest growing line of coverage over the last 10 years. Few industries are immune to the risk of data breaches that can include customer, vendor or employee data. As with any risk, it is relative to the type and amount of exposure an individual company faces. For property owners and managers, the amount of data collected on employees, residents or prospective residents can be immense, and a breach of this data would not only be embarrassing but also costly. Cyber liability insurance can provide a level of protection from this emerging risk and should be evaluated as part of any risk management program. 38 August 2013 | Multi-Housing News Cyber liability policies Cyber liability policies are designed to cover a company for a loss or breach of personally identifiable information. Traditional insurance policies were not designed to cover these types of exposures, so any coverage you might find under your general liability, professional liability, crime or property policies or even a directors’ & officer’s liability policy written for a privately held company will either be very limited or simply accidental. Some carriers might offer you an endorsement to provide coverage for a specific component of your cyber liability exposure, but it is usually not as comprehensive as buying a separate policy. Here are several reasons why your traditional insurance policies might not respond to a cyber liability claim: ■ General liability policies do not respond to claims for damage to intangible property (there is also typically a specific exclusion for claims arising out of electronic data) ■ General Liability policies typically exclude claims arising out of “blogs” you own or host ■ Property policies only provide loss of business income coverage if there was direct physical damage caused to your property (not caused by hackers or rogue employees who shut down your website or computer systems or the systems of a service provider you rely upon to conduct your business) ■ Crime policies do not respond to claims for damage to intangible property (there is also typically a specific exclusion for loss of confidential information) ■ Private company directors’ & officers’ liability policies typically exclude claims arising out of bodily injury (including emotional distress), property damage and specific types of personal injury ■ No traditional insurance policy currently provides coverage for the expenses associated with notifying affected individuals when their personally identifiable financial or medical information was breached while in your care, custody or control These are just some of the hurdles to overcome in order to find coverage for cyber liability claims under a traditional insurance policy. Evaluating costs Costs resulting from a breach can vary greatly, and when you take into account lost revenue or reputational damage, they can be significant. The costs associated with the breach include defense and judgment costs from lawsuits as well as notification and credit-monitoring expenses. Consider just the costs of notification and credit monitoring for a multifamily property manager with 3,000 residents. The cost of notification and credit monitoring after a breach can range from $30 to $50 per person. If the data lost compromised 3,000 records, these costs alone would be over $100,000. Policies can be structured to provide limits anywhere from $1,000,000 to $10,000,000 or more, with various deductible and coverage options to tailor the policy to fit the coverage Image by Vertigo3d/iStockphoto.com
and cost needs of the insured. Premiums will vary and will be dependent upon the amount of coverage, size of your organization, type of data collected and security measures in place. Generally, policies will start around $10,000 for $1,000,000 in limits. Some of the exposures and costs that can be covered under a well-structured cyber liability policy include: ■ Information security and privacy liability for failure to protect personal or corporate information (like tenant Social Security numbers and credit research) held on computers systems, smartphones, laptops or paper files or entrusted to third-party vendors ■ Costs to notify affected individuals that their personal information has been breached, as required by law ■ Other costs associated with data breaches, such as public relations, investigative costs and defense costs from lawsuits ■ Loss of business income when a “hacker” prevents your customers from accessing your website or disrupts your systems ■ Loss of business income when your service provider’s systems are affected by a “hacker” (such as a cloud service provider or credit card processing company) ■ Personal injury (such as libel) that may result from the use of blogs on your website or other social media When employees are cyber criminals Breaches can happen in a variety of ways, and there is no shortage of news of examples of significant breaches. The FTC reports that identity theft complaints were up 32 percent in 2012, and over 12 million people have been a victim of identity theft. While cyber criminals account for much of these instances, there is also the threat of human error of employees that causes data to be lost. For example, laptops left in cabs, smartphones lost, USB drives left in the open and stolen, or simply emailing a file with this data to the wrong address. While encryption can be a line of defense against the release of this data, many times it is not sophisticated enough, or it simply does not exist on every computer or device. In 2012, Blue Cross Blue Shield of Tennessee paid a $1.5 million settlement for penalties under the HITECH Act for a breach of over 1 million patient records after the theft of computer hard drives (with unencrypted health information). The use of third parties, such as a rent payment portal, does not eliminate the risk. The company that selected the third party would also be involved in a lawsuit or breach since they selected and promoted the third party for resident rent payments. A lawsuit would examine what level of due diligence was done by the property manager to select the third-party rent payment portal and its security measures. The need for prevention Preventing breaches with security protocols is a no-brainer and often a requirement of state or federal government. Good security and prevention measures also make you a more appealing risk for cyber liability underwriters, which help keep costs down if insurance is purchased. It begins with identifying the type of information collected and putting policies in place to protect this data. This protection can range from employment policies to control employee behavior, such as policies on downloading unauthorized software and rules related to personal device usage to technology solutions such as keeping anti-virus software up-to-date and complex password protection measures. Your IT department should regularly monitor security measures and look for signs of attempted breaches. Many companies have used an outside consultant to perform an audit of the cyber security systems in place to determine vulnerable areas. The threat of lost data, the ensuing costs, and potential liability for property owners and managers is real and growing each year. Companies spend a lot of money and effort on keeping this data safe, but the sheer number of incidents suggests that it is only a matter of time before companies experience some sort of breach. MHN Kevin D. Smith CPCU, ARM, is vice president, real estate division director at The Graham Company, a property and casualty brokerage specializing in the multi-housing. To comment on this story, e-mail Diana Mosher at dmosher@multi-housingnews.com www.multi-housingnews.com | August 2013 39

More Related Content

PPTX
The Basics of Cyber Insurance
byHB Litigation Conferences
 
PPT
Cyber Insurance Temp
byRohan Sehgal
 
PDF
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
byPaige Rasid
 
PPTX
Ci2 cyber insurance presentation
byEthan S. Burger
 
PDF
10 Reasons to buy Cyber Liability Insurance
byHubbard Insurance Group
 
PPT
Statewide Insurance Brokers - Cyber Insurance 101
byStatewide Insurance Brokers
 
PDF
Cyber Insurance - The Basics
byChris Stallard
 
PPTX
Cyber Liability - Insurance Risk Management and Preparation
byEric Reehl
 
The Basics of Cyber Insurance
byHB Litigation Conferences
 
Cyber Insurance Temp
byRohan Sehgal
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
byPaige Rasid
 
Ci2 cyber insurance presentation
byEthan S. Burger
 
10 Reasons to buy Cyber Liability Insurance
byHubbard Insurance Group
 
Statewide Insurance Brokers - Cyber Insurance 101
byStatewide Insurance Brokers
 
Cyber Insurance - The Basics
byChris Stallard
 
Cyber Liability - Insurance Risk Management and Preparation
byEric Reehl
 

What's hot

PDF
Managing and insuring cyber risk - coverage of insurance policies
byIISPEastMids
 
PDF
Cybersecurity and The Board
byPaul Melson
 
PPTX
CS3: Cybersecurity Extortion & Fraud
byPaige Rasid
 
PDF
CyberSecurity Insurance - The Ugly Truth!
bytopseowebmaster
 
PDF
CMW Cyber Liability Presentation
bySean Graham
 
PDF
Cyber liaility insurance the basics
byChandrasekar Koushik ACII®
 
PDF
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
byStatewide Insurance Brokers
 
PPTX
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
byDon Grauel
 
PPTX
Cybersecurity: Protection strategies from Cisco and Next Dimension
byNext Dimension Inc.
 
PPTX
Cyber Insurance CLE
bySarah Stogner
 
PDF
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
byEthan S. Burger
 
PDF
Cover and CyberSecurity Essay
byMichael Solomon
 
PPTX
Data Security and Regulatory Compliance
byLifeline Data Centers
 
PDF
Cyber liability and cyber security
byHelen Carpenter
 
PPTX
Cybersecurity & the Board of Directors
byAbdul-Hakeem Ajijola
 
PDF
Construction Cyber Risks
byGraeme Cross
 
PDF
11 pp-cybersecurity-revised2 a
byIT Strategy Group
 
PDF
Top 10 leading fraud detection and prevention solution providers
byMerry D'souza
 
PPTX
Cybersecurity & Data Protection: Thinking About Risk & Compliance
byShawn Tuma
 
PDF
Debunking Myths for Cyber-Insurance
byPriyanka Aash
 
Managing and insuring cyber risk - coverage of insurance policies
byIISPEastMids
 
Cybersecurity and The Board
byPaul Melson
 
CS3: Cybersecurity Extortion & Fraud
byPaige Rasid
 
CyberSecurity Insurance - The Ugly Truth!
bytopseowebmaster
 
CMW Cyber Liability Presentation
bySean Graham
 
Cyber liaility insurance the basics
byChandrasekar Koushik ACII®
 
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
byStatewide Insurance Brokers
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
byDon Grauel
 
Cybersecurity: Protection strategies from Cisco and Next Dimension
byNext Dimension Inc.
 
Cyber Insurance CLE
bySarah Stogner
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
byEthan S. Burger
 
Cover and CyberSecurity Essay
byMichael Solomon
 
Data Security and Regulatory Compliance
byLifeline Data Centers
 
Cyber liability and cyber security
byHelen Carpenter
 
Cybersecurity & the Board of Directors
byAbdul-Hakeem Ajijola
 
Construction Cyber Risks
byGraeme Cross
 
11 pp-cybersecurity-revised2 a
byIT Strategy Group
 
Top 10 leading fraud detection and prevention solution providers
byMerry D'souza
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
byShawn Tuma
 
Debunking Myths for Cyber-Insurance
byPriyanka Aash
 

Similar to Cyber Liability Risk

PDF
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
byBrowne Jacobson LLP
 
PDF
Cloud security law cyber insurance issues phx 2015 06 19 v1
byMichael C. Keeling, Esq.
 
PPTX
Cyber for Beginners v2
byKenny Boddye
 
PDF
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
byNationalUnderwriter
 
PPTX
Captive Insurance and Cyber Risk
byThe Law Office of Hale Stewart
 
PPT
Cyber Risks
byRickWaldman
 
PDF
Protecting Your Business From Cyber Risks
byThis account is closed
 
PPTX
Cybersecurity: What does Cyber Insurance Cover?
byNext Dimension Inc.
 
PPTX
IT & Network Security Awareness
byThe Network Support Company
 
PPT
Cyber Facts and Prevention Presentation Gianino
by-Gianino Gino Prieto -Dynamic Connector -Insurance Strategist
 
PDF
84017
bySteven Browne
 
PPTX
A Look at Cyber Insurance -- A Corporate Perspective
byDawn Yankeelov
 
PDF
GDPR Cyber Insurance 11/1/2017
byisc2-hellenic
 
PPTX
Halvorsen on Risk Cyber Webinar
byHalvorsen on Risk
 
PDF
CULCT Cybersecurity Workshop 2.10.15
byE Andrew Keeney
 
PDF
Cybersecurity Workshop
byKaufman & Canoles
 
PPTX
CCIAOR Cyber Security Forum
byCCIAOR
 
PPTX
CPA firm Cyber Insurance Specifics
byJoseph Brunsman
 
PPTX
The CPAs Guide to Buying Cyber Insurance
byJoseph Brunsman
 
PDF
Insurance for Cyber Risks
bysmithjgdc
 
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
byBrowne Jacobson LLP
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
byMichael C. Keeling, Esq.
 
Cyber for Beginners v2
byKenny Boddye
 
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
byNationalUnderwriter
 
Captive Insurance and Cyber Risk
byThe Law Office of Hale Stewart
 
Cyber Risks
byRickWaldman
 
Protecting Your Business From Cyber Risks
byThis account is closed
 
Cybersecurity: What does Cyber Insurance Cover?
byNext Dimension Inc.
 
IT & Network Security Awareness
byThe Network Support Company
 
Cyber Facts and Prevention Presentation Gianino
by-Gianino Gino Prieto -Dynamic Connector -Insurance Strategist
 
84017
bySteven Browne
 
A Look at Cyber Insurance -- A Corporate Perspective
byDawn Yankeelov
 
GDPR Cyber Insurance 11/1/2017
byisc2-hellenic
 
Halvorsen on Risk Cyber Webinar
byHalvorsen on Risk
 
CULCT Cybersecurity Workshop 2.10.15
byE Andrew Keeney
 
Cybersecurity Workshop
byKaufman & Canoles
 
CCIAOR Cyber Security Forum
byCCIAOR
 
CPA firm Cyber Insurance Specifics
byJoseph Brunsman
 
The CPAs Guide to Buying Cyber Insurance
byJoseph Brunsman
 
Insurance for Cyber Risks
bysmithjgdc
 

More from Christopher Rieser

PDF
ZOOM Brochure_2015
byChristopher Rieser
 
PDF
Cyber Brochure_2015
byChristopher Rieser
 
PPTX
Managed Care Brochure 8.15
byChristopher Rieser
 
PDF
ZOOM One Pager 2 (Client)
byChristopher Rieser
 
PPTX
Beecher Carlson All Lines Presentation
byChristopher Rieser
 
PDF
Long Term Care Litigation 9/10/2013
byChristopher Rieser
 
ZOOM Brochure_2015
byChristopher Rieser
 
Cyber Brochure_2015
byChristopher Rieser
 
Managed Care Brochure 8.15
byChristopher Rieser
 
ZOOM One Pager 2 (Client)
byChristopher Rieser
 
Beecher Carlson All Lines Presentation
byChristopher Rieser
 
Long Term Care Litigation 9/10/2013
byChristopher Rieser
 

Recently uploaded

PDF
Project Proposal (Business Plan) ABC Kindergaten and Elementary School (Grade...
byReyan Business Consultancy
 
PDF
HOW To Buy Snapchat Accounts in first 2026-27.us uk.pdf
bykji4f35y4p4r3vpnch3
 
PDF
How to buy Facebook Inc. and how much will it cost.pdf
byusatrustacc5
 
PDF
Lion One Corporate Presentation November 2025
byAdnet Communications
 
PDF
Best Ways to Get a Fully Verified Snapchat Account in 2025.pdf
by4z3rwwiz2gj3kj98d5
 
PDF
CHAPTER 2 POSITIONING AND BRANDING of company
byUtsash Sarker
 
PDF
Marketing Localization for the Korean Market: Case Study by Alconost
byLizaDziahel
 
PDF
Business Plan (Project Proposal) for Goat and Sheep Fattening Farm in Chifra ...
byReyan Business Consultancy
 
PPTX
Identity Theft Prevention, all you need to know
byJuan Socorro
 
PDF
Localization success stories by Alconost 2025
byLizaDziahel
 
PDF
FINAL ASSIGNMENT PRESENTATION ABOUT CASE STUDY
byuyenntmsws00552
 
PDF
Business Plan for Agricultural Products (Soya Bean, Pulse, Sesame and Coffee)...
byReyan Business Consultancy
 
PDF
How to Safely Buy Reliable Verified Cash App Accounts_ A Complete Guide.pdf
byHow to Safely Buying Verified Cash App Accounts: A Comprehensive Guide
 
PDF
Business_Plan for Higher Clinic In Agaro Town, Oromia Regional State, Ethiopi...
byReyan Business Consultancy
 
PDF
Lion One Corporate Presentation November 2025 Revised
byAdnet Communications
 
PDF
How to Buy Snapchat Account( 9.7) A Step-by-Step Guide ....pdf
byusatrustacc5
 
PDF
Slide deck AI-powered engineering training program
byMIPLM
 
PDF
How to buyCash AppAccount in first month .pdf
by5hb3cqye5o4j0o2dne3x
 
PDF
How to Open an Etsy Shop stores bulk.pdf
by5hb3cqye5o4j0o2dne3x
 
DOCX
How to Buy TikTok Seller Account 9.99.docx
byk5vy9ikhkb2vsmlhc47g
 
Project Proposal (Business Plan) ABC Kindergaten and Elementary School (Grade...
byReyan Business Consultancy
 
HOW To Buy Snapchat Accounts in first 2026-27.us uk.pdf
bykji4f35y4p4r3vpnch3
 
How to buy Facebook Inc. and how much will it cost.pdf
byusatrustacc5
 
Lion One Corporate Presentation November 2025
byAdnet Communications
 
Best Ways to Get a Fully Verified Snapchat Account in 2025.pdf
by4z3rwwiz2gj3kj98d5
 
CHAPTER 2 POSITIONING AND BRANDING of company
byUtsash Sarker
 
Marketing Localization for the Korean Market: Case Study by Alconost
byLizaDziahel
 
Business Plan (Project Proposal) for Goat and Sheep Fattening Farm in Chifra ...
byReyan Business Consultancy
 
Identity Theft Prevention, all you need to know
byJuan Socorro
 
Localization success stories by Alconost 2025
byLizaDziahel
 
FINAL ASSIGNMENT PRESENTATION ABOUT CASE STUDY
byuyenntmsws00552
 
Business Plan for Agricultural Products (Soya Bean, Pulse, Sesame and Coffee)...
byReyan Business Consultancy
 
How to Safely Buy Reliable Verified Cash App Accounts_ A Complete Guide.pdf
byHow to Safely Buying Verified Cash App Accounts: A Comprehensive Guide
 
Business_Plan for Higher Clinic In Agaro Town, Oromia Regional State, Ethiopi...
byReyan Business Consultancy
 
Lion One Corporate Presentation November 2025 Revised
byAdnet Communications
 
How to Buy Snapchat Account( 9.7) A Step-by-Step Guide ....pdf
byusatrustacc5
 
Slide deck AI-powered engineering training program
byMIPLM
 
How to buyCash AppAccount in first month .pdf
by5hb3cqye5o4j0o2dne3x
 
How to Open an Etsy Shop stores bulk.pdf
by5hb3cqye5o4j0o2dne3x
 
How to Buy TikTok Seller Account 9.99.docx
byk5vy9ikhkb2vsmlhc47g
 

Cyber Liability Risk

  • 1.
    www.multi-housingnews.com August 2013 Capital Stack A Varietyof Capital is Available for Acquisition & Rehab Financing The Pacific Northwest: Record Revenue Growth Are You Fully Protected Against Cyber Liability? Construction Methods for Extreme Weather
  • 2.
    technology Cyber Liability Understanding therisk and defending against it By Kevin D. Smith, CPCU, ARM, The Graham Company A mong the many risks that property owners must manage is the risk of cyber liability. Years ago, privacy of residents’ personally identifiable data was confined to filing cabinets and office computers, but now this data exists electronically in the cloud, on laptops, smartphones or tablet devices often in addition to the paper files. Access points are everywhere, and the information can be easily transmitted. What’s more concerning is that cyber criminals are on the lookout for this data, and they are becoming more sophisticated every day. If that is not enough to worry about, state and federal regulations are being enacted that require a duty of care for this data, and complying can be difficult. Cyber liability insurance is relatively new and has become the fastest growing line of coverage over the last 10 years. Few industries are immune to the risk of data breaches that can include customer, vendor or employee data. As with any risk, it is relative to the type and amount of exposure an individual company faces. For property owners and managers, the amount of data collected on employees, residents or prospective residents can be immense, and a breach of this data would not only be embarrassing but also costly. Cyber liability insurance can provide a level of protection from this emerging risk and should be evaluated as part of any risk management program. 38 August 2013 | Multi-Housing News Cyber liability policies Cyber liability policies are designed to cover a company for a loss or breach of personally identifiable information. Traditional insurance policies were not designed to cover these types of exposures, so any coverage you might find under your general liability, professional liability, crime or property policies or even a directors’ & officer’s liability policy written for a privately held company will either be very limited or simply accidental. Some carriers might offer you an endorsement to provide coverage for a specific component of your cyber liability exposure, but it is usually not as comprehensive as buying a separate policy. Here are several reasons why your traditional insurance policies might not respond to a cyber liability claim: ■ General liability policies do not respond to claims for damage to intangible property (there is also typically a specific exclusion for claims arising out of electronic data) ■ General Liability policies typically exclude claims arising out of “blogs” you own or host ■ Property policies only provide loss of business income coverage if there was direct physical damage caused to your property (not caused by hackers or rogue employees who shut down your website or computer systems or the systems of a service provider you rely upon to conduct your business) ■ Crime policies do not respond to claims for damage to intangible property (there is also typically a specific exclusion for loss of confidential information) ■ Private company directors’ & officers’ liability policies typically exclude claims arising out of bodily injury (including emotional distress), property damage and specific types of personal injury ■ No traditional insurance policy currently provides coverage for the expenses associated with notifying affected individuals when their personally identifiable financial or medical information was breached while in your care, custody or control These are just some of the hurdles to overcome in order to find coverage for cyber liability claims under a traditional insurance policy. Evaluating costs Costs resulting from a breach can vary greatly, and when you take into account lost revenue or reputational damage, they can be significant. The costs associated with the breach include defense and judgment costs from lawsuits as well as notification and credit-monitoring expenses. Consider just the costs of notification and credit monitoring for a multifamily property manager with 3,000 residents. The cost of notification and credit monitoring after a breach can range from $30 to $50 per person. If the data lost compromised 3,000 records, these costs alone would be over $100,000. Policies can be structured to provide limits anywhere from $1,000,000 to $10,000,000 or more, with various deductible and coverage options to tailor the policy to fit the coverage Image by Vertigo3d/iStockphoto.com
  • 3.
    and cost needsof the insured. Premiums will vary and will be dependent upon the amount of coverage, size of your organization, type of data collected and security measures in place. Generally, policies will start around $10,000 for $1,000,000 in limits. Some of the exposures and costs that can be covered under a well-structured cyber liability policy include: ■ Information security and privacy liability for failure to protect personal or corporate information (like tenant Social Security numbers and credit research) held on computers systems, smartphones, laptops or paper files or entrusted to third-party vendors ■ Costs to notify affected individuals that their personal information has been breached, as required by law ■ Other costs associated with data breaches, such as public relations, investigative costs and defense costs from lawsuits ■ Loss of business income when a “hacker” prevents your customers from accessing your website or disrupts your systems ■ Loss of business income when your service provider’s systems are affected by a “hacker” (such as a cloud service provider or credit card processing company) ■ Personal injury (such as libel) that may result from the use of blogs on your website or other social media When employees are cyber criminals Breaches can happen in a variety of ways, and there is no shortage of news of examples of significant breaches. The FTC reports that identity theft complaints were up 32 percent in 2012, and over 12 million people have been a victim of identity theft. While cyber criminals account for much of these instances, there is also the threat of human error of employees that causes data to be lost. For example, laptops left in cabs, smartphones lost, USB drives left in the open and stolen, or simply emailing a file with this data to the wrong address. While encryption can be a line of defense against the release of this data, many times it is not sophisticated enough, or it simply does not exist on every computer or device. In 2012, Blue Cross Blue Shield of Tennessee paid a $1.5 million settlement for penalties under the HITECH Act for a breach of over 1 million patient records after the theft of computer hard drives (with unencrypted health information). The use of third parties, such as a rent payment portal, does not eliminate the risk. The company that selected the third party would also be involved in a lawsuit or breach since they selected and promoted the third party for resident rent payments. A lawsuit would examine what level of due diligence was done by the property manager to select the third-party rent payment portal and its security measures. The need for prevention Preventing breaches with security protocols is a no-brainer and often a requirement of state or federal government. Good security and prevention measures also make you a more appealing risk for cyber liability underwriters, which help keep costs down if insurance is purchased. It begins with identifying the type of information collected and putting policies in place to protect this data. This protection can range from employment policies to control employee behavior, such as policies on downloading unauthorized software and rules related to personal device usage to technology solutions such as keeping anti-virus software up-to-date and complex password protection measures. Your IT department should regularly monitor security measures and look for signs of attempted breaches. Many companies have used an outside consultant to perform an audit of the cyber security systems in place to determine vulnerable areas. The threat of lost data, the ensuing costs, and potential liability for property owners and managers is real and growing each year. Companies spend a lot of money and effort on keeping this data safe, but the sheer number of incidents suggests that it is only a matter of time before companies experience some sort of breach. MHN Kevin D. Smith CPCU, ARM, is vice president, real estate division director at The Graham Company, a property and casualty brokerage specializing in the multi-housing. To comment on this story, e-mail Diana Mosher at [email protected] www.multi-housingnews.com | August 2013 39