Cyber Liability Insurance is imperative for property professionals - Blog

Cyber Liability Insurance is imperative for property professionals

Cyber Liability Insurance is imperative for property professionals

Industry Comment Paul Offley, The Guild's Compliance Officer 18th January 2021

With more people than ever before working remotely, there is a lot more vulnerability surrounding IT systems, which has resulted in an increase in the number of cyber-related crimes. Data from Interpol shows that during the pandemic, ransomware incidents have increased by more than a third, with Phishing/Scam/Fraud claims increasing by 59%.

Paul Offley, Compliance Officer at The Guild of Property Professionals, says that the increased number of cyber-crime incidents has led a substantial correction in cyber insurance premium rates, as well as insurers requesting more data and demanding much tighter risk management procedures. “Where possible property professionals need to ensure that they have procedures in place to protect their systems against cyber-crime, especially considering the amount of sensitive data that both estate and lettings agents would hold, such as addresses, account details, alarm records and passwords to access homes, not to mention passport details and the like.  It is this sensitive information that has made those within the property sector a target for cybercriminals,” Offley advises.

He adds that cyber liability is not typically included under professional indemnity insurance and it (PI) should not be relied upon as an alternative to a standalone cyber liability policy covering first and third-party loss. With the increased occurrence of cyber-crime, property professional’s reliance on technology, along with the type of information they hold, it is imperative that agents consider added cyber liability to their insurance programme if they have not already done so.  “Most businesses only take-out cyber liability after they have had an incident, which considering 88% of UK companies have suffered breaches in the last 12 months, seems likely. It is far better to be proactive and get coverage before an incident occurs,” says Offley.

Oliver Wharmby, Director at Mint Insurance Brokers Ltd, said: “Cybercriminals are becoming increasingly sophisticated and have appeared to have shifted their focus from larger companies to SME’s and remote workers during the pandemic.  We have seen increased claims frequency due to the vulnerabilities surrounding home working. If large corporate entities and government bodies are susceptible to being hacked, how much more vulnerable are independent agents or remote workers who typically have weaker technological defenses making it far easier to penetrate IT systems,” he warns.

Wharmby adds that many of the cyber incidents seen are ransomware cases which often involve sensitive data being downloaded from inboxes and client folders. “Once a breach has occurred you are required to report it to the Information Commissions Office (ICO) and complete a full investigation to identify how the breach took place and what personal data has been compromised. Informing data subjects that their personal data, such as their passport, account details and address has been taken by a cybercriminal can be extremely delicate and particularly if the data subject is a barrister acting as a guarantor! Cyber Liability policies include instant response cover and it is this section of the cover that is so important to help mitigate any further threats. If your systems are paralysed for a week, it is impossible to quantify the financial loss and brand reputational damage to your business. It is not uncommon for investigation costs alone, regardless of whether a claim is paid out, to exceed £40,000.”

Wharmby says that while nobody is immune to the threat of cyber-crime, there are basic controls that will help reduce the risk:

Regular password updates on all devices.

Password complexity – Strict password rules should be implemented. Keep variety by using different passwords for different accounts.

Do not share your password.

Two Factor Authentication where appropriate.

Staff training to be aware of phishing emails and the damage they represent. One in every 3,722 emails in the UK is a phishing attempt. Around half of cyber-attacks in the UK involve phishing.

Software updates.

Ensure files are encrypted.

Monitoring of mobile and home working procedures

Never, under any circumstances, should a payment be made to a new bank account without verbal confirmation that the account details are genuine.

Cyber Liability Insurance

“In the ever-expanding age of digitalization, it is essential that you are aware of the genuine risks associated with cyber-attacks. If agencies do not already have a comprehensive cyber liability policy in place, we would strongly recommend they consider protecting their business from cybercriminals. It is a small price to pay for the reassurance of having support when you need it in a worst-case scenario,” Wharmby concludes.


Paul Offley, The Guild's Compliance Officer

Paul Offley joined The Guild in 2017 as our in-house Compliance Officer, to help Members stay on top of legislation. Paul’s career has maintained a focus in estate agency for over 40 years, building a specialist knowledge in the compliance function. Paul helps Members to reduce the probability of any risk materialising by working alongside agents to identify areas where the business is at a high risk of exposure. Guild Members have compliance tools at their disposal and are regularly presented with updated information on the latest legislation requirements. Paul is also on hand to speak to agents individually, delivering quality and high standards to all our Members. Paul has been providing continual support to The Guild Members throughout COVID-19, from legislation and Government updates, to providing indispensable and personalised advice through Facebook Live. He is passionate about raising standards, and is part of The Property Ombudsman Industry Forum.

More articles from Paul Offley, The Guild's Compliance Officer

Update Cookies Preferences