Experts are urging real estate agents to consider safeguarding their businesses from the risk of cybercrime after multiple attacks hit the industry in recent months.
Fresh from the infamous high-profile attacks that exposed the personal data of millions of Australians late in 2022, cybercriminals hit the property market with a few agencies suffering data breaches.
With cybercrime costing SMEs $63,500 per incident and given the increasing number of ways cybercriminals can hack into networks, small business insurance expert Jane Mason says prevention may not be enough to keep businesses safe.
Small business owners may think they are protected from an attack, but then again, so did Optus and Medibank," Ms Mason said.
"Small real estate businesses are increasingly becoming targets, and despite their best efforts, they may be left to deal with the consequences if an attack does occur."
What data is at risk?
The real estate industry is no stranger to the threat of cybercrime.
Deloitte's 2018 paper Cyber in Real Estate unveiled the dangers of the real estate industry being transformed by technology, and the sector has featured among cyber attacks and scams since.
Digital rights activists have urged real estate businesses to collect less personal information, particularly in the residential leasing side of the industry, with many agencies strengthening their data security.
The types of information real estate agents hold that cybercriminals may find valuable includes personal information of tenants, landlords, and tradespeople as well as credit card details, passport data, and loan information.
What are the risks to real estate businesses?
The total impact of a cyber attack on a small real estate business could be hard to quantify.
Not only would businesses need to deal with the cost of recovering the data and investigating the attack, but they would likely need to account for business interruption costs and the expense of bolstering their cyber defences.
Then there is the cost of dealing with the PR fallout and the potential of being liable for fines and legal fees associated with the victims of the attack.
To put a number to a couple of recent attacks, Medibank said the hack would likely cost at least $25 million, while the Optus hack is said to cost $140 million.
The government is also investigating changing regulations in the aftermath of these incidents, according to legal experts, including increasing the fines for privacy breaches (currently capped at $2 million) and tightening cyber security requirements for businesses.
"Given that the real estate industry collects and stores vast amounts of sensitive information, the onus is on small business owners to protect themselves from costly and reputationally damaging data breaches," Ms Mason said.
What safeguards can be put in place?
Fortunately, there is plenty small business owners can do to prevent a cyber breach. The Real Estate Institute of Australia (REIA) has released a series of recommendations for real estate businesses to adopt in an effort to prevent cybercrime in the industry.
But while the REIA has committed to embracing cyber security best practice, it also found 60 per cent of respondents in a recent survey don't have a cyber response plan.
"Small businesses often don't have the financial clout or time needed to protect their business from the threat of cybercrime and will likely need to consider having a financial safeguard in place if things go wrong," Ms Mason said.
Cyber Liability Insurance* is one such safeguard designed to help protect small business owners from claims and support them in the event of a cyber breach or attack. Costs associated with defending a cyber claim are also covered.
Policies generally include cover for costs relating to the following:
- data breaches, including theft or loss of client information
- network security breaches
- business interruption costs
- forensic investigation into the cause or scope of a breach
- data recovery costs
- cyber extortion
- crisis management costs (to protect or mitigate damage to your businesses reputation resulting from a cyber event)
- loss and legal costs, including fines and penalties resulting from a third party claim for data or network security breach against your company.
"While risk mitigation is important, sometimes things can slip through," Ms Mason said.
"Ensure your real estate business is covered against the expense and legal costs associated with data breaches before your data is going once, going twice, sold… to malicious third parties."
Visit bizcover.com.au/ to compare quotes or give us a call today – no dramas!
*This information is general only and does not take into account your objectives, financial situation or needs. It should not be relied upon as advice. As with any insurance, cover will be subject to the terms, conditions and exclusions contained in the policy wording. The provision of the claims examples are for illustrative purposes only and should not be seen as an indication as to how any potential claim will be assessed or accepted. Cover for a claim will depend on the specific circumstances around the loss and would be subject to the terms and conditions of the policy concerned. Coverage for claims on the policy will be determined by the insurer, not BizCover. © 2023 BizCover Pty Limited, all rights reserved. ABN 68 127 707 975; AFSL 501769