Do Associations Need Cyber Insurance?

According to Robert E. Barlow, Jr., CMCA, AMS, PCAM, CIRMS, of NFP Insurance in Easton, Pennsylvania, most commercial property and liability insurance policies exclude coverage for cyber security related losses.

“Cyber security threats pose a significant financial threat to all associations, and, without having the proper coverage in place, an association could be forced to assess their community members for damages,” he said. “Many community associations assume the property management company is responsible if their association’s data is breached, but that simply isn’t true. The rules and regulations surrounding the protection of personally identifiable information are becoming more and more stringent. Personally identifiable information, referred to as “PII” is defined differently in each state and in New Jersey it’s a combination of a person’s name and social security number, a driver’s license number and an account or credit/debit card number in combination with a security code. Keep in mind, PII protection and regulations apply to paper records too.

“After a loss of a laptop, theft by a rogue employee or independent contractor, network security failure, hack or data breach, a cyber policy can provide forensic investigation of the breach, costs to notify of the breach, credit monitoring, public relations/crisis expenses, loss of profits and additional expenses while the network is down. In addition, third party (liability) coverages include legal defenses, settlements, virus transmission, costs to have credit and bank cards reissued, as well as costs to respond to regulatory organizations, social media and website liability.

“Over time we’ve seen insurance companies include a minimal amount of ‘data breach’ coverage on their enhancement endorsements or have it built into programs, but data breach is just one of the many cyber threats associations face today.

“Cyber liability policies can have upwards of 10-coverage parts for first party and third party damages. While there’s no “one size fits all” solution, these policies are reasonably priced, can be quoted within 24-hours and, best of all, some policies afford valuable professional risk management resources to assist in preventing losses, with expert hotlines for specialized IT professionals, attorneys and guidance in the event of a breach.”