Ask the Expert: Cyber Liability Insurance Policy
Request a Proposal!
Most owner associations have Crime and Fidelity policies which help to protect the association, board of directors and their representatives (manager) from incidents involving funds and embezzlement. Not many associations actually have Cyber Liability coverage, which protects against crimes regarding association data in the digital space. Now more than ever, HOAs & COAs are moving business online and it is only common sense to see the value in extending association insurance to protect your community's online interactions.
Watch our most recent Ask the Expert video below to get answers to your basic cyber insurance questions, including:
- What is a cyber liability insurance?
- What are potential liability scenarios?
- How do I protect my association from data breaches?
- What are cyber liability insurance costs?
Get answers on what homeowner boards should consider about cyber liability insurance:
What is cyber liability insurance? Whom does it cover?
"Cyber" is a broad term that refers to policies that cover an association against data breaches and other incidents where sensitive information is compromised or released. We recommend that your policy covers the association, board members and volunteers and anyone who works as an agent for the association, like the property manager.
Why are cyber liability insurance policies essential and how do they benefit an association?
Cyber policies are important because data breaches are becoming more common. We often hear from board members that property management companies should be responsible for data breaches. However, if the breach originates at the association level, the HOA may be liable. For example, a board member could accidentally introduce malware into the property management portal. Or, let's say, the treasurer's bag was stolen and protected information was inside.
In any event, these policies are beneficial for several reasons: they provide resources to prevent breaches, reduce costs, boards can budget for premiums (unlike the incalculable costs of any breach), and they protect management companies while looking into a claim on behalf of the association.
What's the difference between HOA/COA and management company liability?
There are three scenarios that come to mind:
- The first involves a property manager authorizing a bank withdrawal for community-related services. However, the withdrawal turns out to be fraudulent. So who's responsible? As long as the board approved the withdrawal property manager, the association is liable.
- In the second scenario, an HOAs website is hacked through their management partner's portal. In that case, because the issue originated with the management company, they'd be liable.
- In the last scenario, I think of a community's social media account being hacked or an authorized user logging in and sharing personal information about a resident, which leads to harassment. In this example, the association is responsible because it originated on their social media page.
Can you clarify contractual indemnity as it relates to cyber liability policy?
Sure, but I want to express that I'm not an attorney. When we see management contracts, they include wording that the association will indemnify and defend the property manager and management company as long the board works on the association's behalf.
There are usually exceptions for these types of agreement: gross negligence, willful misconduct and fraud. Since these issues are typically decided in court, the association may have to defend the property manager until the court makes a ruling.
Going back to the first scenario we discussed, let's say it was proven that the property manager colluded with another party to commit fraud. In this case, the manager is liable.
What are the basic cyber policy coverages? What are the general cyber liability insurance costs?
Cyber policies vary in terms of cost and coverage. Still, we recommend having coverage for instant response costs, public relations expenses, any data recovery effort, fines and defense costs, and network extortion. Also, in the age of social media, your public platforms (i.e. Facebook, community website, etc.) should be included in your coverage.
As far as pricing goes, it's based on the insurance you're looking for and the size of the association. A basic Ingroup, Inc. policy can start at around $300 annual premium for coverage up to $500 thousand and range up to $900 annual premium for $1 million dollars of coverage. However, we [and most insurance brokers] have options that work for most HOAs.
To read more about data security and cyber liability insurance, check out these related articles:
Cyber Security Part One: How Community Residents Can Protect Their Tech
Cyber Security Part Two: Board Member Tips for Keeping Your Community Association Safe
Reduce Your Association’s Risk with Cyber Liability Insurance
FirstService Residential Ask the Expert webinar miniseries aims to answer the most frequently asked questions of associations throughout Texas on a variety of key topics. To get more information or submit a topic for our next Ask the Expert video, contact us at LetsTalk-TX@fsresidential.com.