September always comes with a ‘back to school’ type feel, and after a few months…
Cyber Insurance – are you covered?
It will not need me to spell out just how important fraud prevention is for conveyancing firms, particularly in a cyber environment where large parts of our work are now online, and which – without the right processes and protections in place – could make both them and their client susceptible to fraudsters using these avenues.
Even with what we believe are solid protections in place, we would all be naïve to think that fraudsters aren’t going to keep pushing our defences in order to find potential weak links they can break through.
The point should also be made that, with so many different stakeholders involved, other partners within the chain are also very keen to be reassured that all firms active in the process, are operating to the very highest defensive standards.
Firms have already noted to us what is being asked of them in order to prove this, and we might all anticipate that such requirements are likely to become more intensive.
For example, recently we’ve seen PI insurers focusing much more intently on the take-up and the benefits of firms having specific Cyber Insurance cover as part of their overall PI.
In response to the greater threat that clearly exists, many lenders are asking conveyancing firms if they have specific Cyber Insurance protection in place.
We suspect a large number of firms might not actually know whether they have Cyber Insurance cover as a matter of course and clearly the first port of call will be to check with your insurer and your insurance policies to determine this.
Some might simply assume that Cyber Insurance is a standard part of their PII policies. It would not be wise to assume this. Depending on the insurer there are different policies which do contain it, and different ones that don’t.
The obvious problem here is that if you don’t have Cyber Insurance your firm might be deemed not to be making the grade and you could be cut by those lenders, and indeed others, who are insistent on it being in place.
So, firstly check whether you do have this, because as mentioned, PI insurers have been pushing it hard. Secondly, alongside this, you clearly need to be actively reviewing the protections you do have in place, because by doing this not only do you give yourself the best chance of not being infiltrated by the fraudsters, but there could also be a benefit in terms of mitigating risk and bringing down insurance premiums in the future.
As a start, and to support individual firms’ work in this area, I would first point you to the CA’s Cyber Fraud and Fraud Protocol which will help conveyancers with information on how they can improve their cyber security, manage the risks of fraud and protect themselves and their clients from fraudsters.
It is available here and we have a commitment within the CA to regularly update it as new threats emerge, or as new ways of protecting firms and individuals are brought to light.
It’s fair to say that, because of the position of conveyancing firms within the home purchase and sales market and – as of now – the amount of money they are responsible for handling, they are going to be a ready target for fraudsters. They are looking for weak points, particularly from a cyber viewpoint, which will allow them to secure access to those large sums of money involved in the process.
Alongside our Protocol therefore, we would urge all firms to look at the National Cyber Security Centres’ (NCSC) Cyber Essentials scheme which ‘will help you protect your organisation, whatever its size, against a whole range of the most common cyber attacks’.
It is split into two options:
- Cyber Essentials – a self-assessment option which gives you protection against a wide range of the most common cyber attacks. Certification here should provide ‘peace of mind that your defences will protect against the vast majority’ of those.
- Cyber Essentials Plus – which still has the Cyber Essentials approach, but also comes with a technical verification which will be carried out on your systems and its ability to withstand fraud.
Cyber Essentials is important for conveyancing firms within the context of this debate because it requires firms to have Cyber Insurance in place. Having the certification that comes with it, means: customers are provided with a greater level of reassurance, new business can be attracted, firms get a clear picture of their security level, and as mentioned above, a growing number of organisations are requiring this of their suppliers if they want to either continue working for them or if they want to secure new work.
To help firms work on these highly important areas, and to provide up to date information on the protections they can put in place, we will have a representative from the NCSC at our September meetings, which are being held in York, and we hope as many firms as possible will be there to hear from them.
Overall, therefore, it will not be difficult to see the direction of travel and, as a starter for ten, you should check what cover your firm has, and whether it meets the needs of your business and that of those who you would like to keep working with.