The importance of cyber insurance for mortgage brokers

Introduction

As cyber criminals get smarter and find new ways of extorting their victims, industries like mortgage broking face more risks than ever. The financial impact of a cyber-attack can be devastating, not just in terms of immediate losses but also long-term reputational damage. National Australia Bank (NAB) reported an average of 1,500 scams monthly in 2023.

This underscores the urgent need for mortgage brokers to recognise red flags and safeguard their clients' information. This blog explores the importance of cyber insurance for mortgage brokers, detailing how it provides essential financial protection and ensures brokers can swiftly recover and maintain their operations after an attack.

Key takeaways

  • Cyber insurance helps mortgage brokers mitigate risks associated with online business activities.
  • Cyber liability insurance covers data breaches, cyber extortion, and business interruption costs.
  • Choosing the right cyber insurance policy involves assessing risks, understanding coverage, and selecting a reputable insurer.
  • Consulting a specialist can help tailor the right insurance policy for mortgage brokers.

What is cyber insurance?

Cyber insurance, or cyber liability insurance, helps mortgage brokers mitigate the risks associated with online business activities. This policy covers liability for data breaches caused by cybersecurity incidents.

Why is cyber insurance important for mortgage brokers?

Mortgage brokers handle sensitive client information, including personal details and high-value transaction records, making them prime targets for cyber-attacks. These attacks can have devastating consequences, such as exposing clients to fraud and causing long-term negative impacts on their lives.

Cyber liability insurance provides the necessary protection for mortgage brokers against various cybercrime-related costs. One significant threat is cyber extortion, where criminals demand a ransom to release compromised data or restore services. Such incidents can be financially crippling and severely damage a brokerage's reputation.

The increasing frequency of cybercrime underscores the importance of this protection. Nearly 94,000 reports of cybercrime were received through ReportCyber in 2022-23, illustrating the widespread nature of the threat. Additionally, the average cost of cybercrime has risen by 14%, reaching $46,000 for small businesses, $97,200 for medium businesses, and $71,600 for large businesses. This financial burden can be overwhelming, especially for smaller and mid-sized brokerages.

Case Study: Medibank Cyberattack and its Impact on Mortgage Brokers

In October 2022, Medibank, one of Australia's largest health insurers, fell victim to a cyberattack that compromised the personal data of approximately 10 million customers. This breach exposed sensitive information, including names, addresses, phone numbers, passport numbers, and health claims data, putting individuals at significant risk of identity theft and financial fraud. The attack affected the privacy of millions and underscored how vulnerable organisations that hold sensitive data are.

For mortgage brokers dealing with extensive personal and financial information, the Medibank incident is a stark reminder of the potential consequences of cyberattacks. Such breaches can lead to severe operational disruptions, reputational damage, and legal repercussions. Hence, brokers should prioritise implementing robust cybersecurity measures to protect their clients' sensitive information and ensure the integrity of their operations.

What does cyber liability insurance typically cover?

Cyber liability insurance protects businesses from the financial impacts of cybercrime incidents. Coverage generally includes:

  • Costs associated with data breaches, such as the theft or loss of client information.
  • Expenses for network security breaches.
  • Costs for business interruption due to cyber incidents.
  • Forensic investigations to determine the cause or extent of a breach.
  • Expenses for data recovery.
  • Costs related to cyber extortion.
  • Crisis management expenses to help protect or repair the business's reputation after a cyber event.
  • Legal costs, including fines and penalties from third-party claims related to data or network security breaches.

What is typically not covered?

  • Bodily injury or property damage.
  • Known issues or circumstances before the policy started.
  • Intentional or fraudulent acts.
  • Physical damage to computer hardware.
  • Costs for upgrading applications, systems, or networks.
  • Failures or outages of power, utilities, satellites, or telecommunication services.

Key information

If your broking business falls victim to cybercrime, call the Australian Cyber Security Hotline at 1300 CYBER1 (1300 292 371) for assistance or report the incident to the Australian Signals Directorate at cyber.gov.au/report

Cybersecurity risk mitigation strategies for brokers

Although cyber insurance can help cover the financial impact of cyber-attacks, brokers should also implement comprehensive risk mitigation strategies. These strategies include:

Update software regularly:

Regularly updating software is crucial for plugging vulnerabilities that cybercriminals exploit. Turn on automatic updates for all devices to ensure they receive the latest security patches. Most operating systems, including Windows, Apple, and Android, offer automatic update features. Regularly updating software, applications, and operating systems mitigates risks by addressing security flaws and enhancing functionality. For devices that no longer receive updates, consider replacing them to maintain a secure environment.

Multi-factor authentication (MFA):

MFA enhances security by requiring multiple identity proofs, such as passwords, fingerprints, or physical tokens, to access accounts. This method significantly reduces the risk of unauthorised access. Implement MFA across all platforms and services to protect sensitive information. Common MFA methods include biometrics, authenticator apps, and physical tokens. Even if one credential is compromised, additional layers of verification prevent cybercriminals from gaining access.

Strong passphrases:

Instead of simple passwords, use long, unpredictable passphrases composed of random words. A password manager can help generate and store these secure passphrases. Passphrases are harder to crack due to their length and complexity. Encourage using unique passphrases for different accounts and incorporating symbols, numbers, and capital letters if required by the service. This approach strengthens account security against hacking attempts.

Employee training:

Regularly train employees to recognise phishing, social engineering, and other cyber threats. Educating staff about cybersecurity best practices reduces the risk of human error, which cybercriminals often exploit. Training should include identifying suspicious emails, avoiding clicking on unknown links, and reporting potential security incidents. Ongoing education fosters a security-conscious culture within the organisation.

Data backup:

Regularly back up critical data to secure locations, such as cloud services or external hard drives. Ensure backups are encrypted and stored securely. Test recovery procedures periodically to ensure data can be restored in case of a cyberattack or data loss incident. A robust backup strategy protects against ransomware, hardware failures, and accidental deletions, ensuring business continuity.

Scam awareness:

Educate staff to identify and avoid phishing scams. Cybercriminals use deceptive messages to trick recipients into revealing sensitive information or clicking malicious links. Teach employees to verify the legitimacy of messages by checking with official sources, and not to use links or contact details provided in suspicious communications. Awareness of common scam tactics helps prevent security breaches.

Incident response plan:

Develop a comprehensive incident response plan to address potential security breaches quickly and effectively. The plan should include procedures for identifying, containing, and mitigating cyber incidents. Conduct regular drills to ensure preparedness and refine the plan based on lessons learned. An effective incident response strategy minimises damage, reduces recovery time, and maintains business operations during a cyber crisis.

Do you need a trustworthy partner to securely process your applications?

At Brokers' BackOffice, we offer ISO 27001-certified services with comprehensive disaster recovery measures and regular data backups. Visit our data security page to learn more about how we protect your brokerage.


Tips to choose the right insurance policy for brokers

Choosing the right cyber insurance policy for mortgage brokers involves a comprehensive understanding of your specific needs and the intricacies of available policies. Here's a detailed guide to help you make an informed decision:

Assess your risk profile:

Identify the unique cyber risks associated with your mortgage brokerage. Common risks include data breaches, ransomware attacks, and phishing scams. Evaluate how these risks could impact your operations, financial stability, and reputation.

Determine necessary coverage:

Based on your risk assessment, determine the types of coverage you need. Key coverages for mortgage brokers include:

  • Data breach coverage: Protects against costs associated with data breaches, including notification expenses, credit monitoring, and legal fees.
  • Cyber extortion: Covers ransom payments and expenses related to ransomware attacks.
  • Business interruption: Compensates for lost income due to cyber incidents disrupting your business operations.
  • Liability coverage: Protects against claims from clients or third parties affected by a data breach or cyber attack on your systems.

Evaluate policy terms and conditions:

Scrutinise the terms and conditions of potential policies. Important aspects to consider include:

Duty to defend: Ensure the policy includes a duty to defend clause. This obligates the insurer to provide legal defence, covering attorneys' fees and court costs, in case of a covered claim.

Exclusions and limitations: Understand what is not covered by the policy to avoid surprises. Common exclusions might include pre-existing conditions or specific types of cyber incidents.

Retroactive coverage: Check if the policy covers incidents that occurred before the policy was in effect but were discovered after.

Compare costs and deductibles:

Balance the premium costs with the level of coverage provided. While lower premiums might seem attractive, they could come with higher deductibles or insufficient coverage limits. Ensure the policy offers a reasonable balance between cost and protection.

Select a reputable insurer:

Choose an insurance provider with a strong reputation and expertise in cyber risk management. Look for insurers who offer robust support services, such as risk assessment tools, incident response planning, and ongoing education on cybersecurity best practices.

Read reviews and seek recommendations:

Research reviews and seek recommendations from peers in the mortgage industry. Insights from other mortgage brokers can provide valuable information on the reliability and responsiveness of different insurers.

Consult a specialist:

Consider consulting with an insurance broker or specialist who understands the unique needs of the mortgage industry. They can provide tailored advice and help you navigate the complexities of different policies.

Ending note

Cyber insurance is essential for mortgage brokers to handle the growing threat of cyber-attacks, offering financial protection and ensuring quick recovery. Implementing measures like multi-factor authentication and regular data backups further strengthens this defence.

At Brokers’ BackOffice, our mission is to empower mortgage brokers across Australia by providing exceptional loan processing and back-office services. We understand that efficient loan processing is vital to your business's success, so our services are designed to streamline the entire process. Our deep industry knowledge has made us a strategic partner for many successful firms. Our team provides comprehensive support from application preparation to settlement. This ensures seamless operations and client satisfaction.

We prioritise client information security with encrypted data storage, multi-factor authentication, regular backups, and thorough staff training. Being ISO 27001 certified, we comply with all data privacy regulations and undergo regular security audits to maintain the highest standards. Contact us today for more information on how we can support your brokerage and enhance your cybersecurity.