Cyber security protects a most precious asset: your association’s data. 

Community associations are often targeted by cyber hackers because their databases house homeowners’ most sensitive information – everything from addresses to bank accounts to license plate numbers. Cyber liability insurance provides a crucial barrier against the ever-changing landscape of cybercrime.  

Watch the video below to see our subject matter expert, Greg Meyers of Labarre/Oksnee Insurance explain why cyber liability insurance is essential for all associations that conduct business online:

Read highlights from the video below:

Cyber liability insurance: What is it? 

Cyber liability insurance provides a combination of coverage options to protect HOAs from data breaches and other cyber security issues.

Whom does it cover? 

Those covered by cyber liability insurance include: 

  • First- and third-party financial losses, as well as the loss of transferred funds, computer fraud, and cyber extortion 

  • Board members 

  • Property manager 

  • Volunteers 

  • Committee members 

  • Any others who are involved in the HOA (the association as a whole) 


Why are cyber liability insurance policies essential? 

Every community association that conducts business online, stores data on servers, or simply uses email is at risk. Personal identifying information of residents and employees (names, addresses, bank accounts, Social Security numbers, driver’s license numbers, credit card numbers, makes and models of their cars) are frequently held in those computer systems. Also, if an association has a contractual relationship with a company, that company’s data stored on those computers is always at risk. 


How do cyber policies benefit an association? 

If a board member, committee member, employee, or managing agent regularly uses computers and mobile devices, the association has significant cyber exposure. If this information is breached, one of the following things could happen: 

  • The community association members’ personal information could be at risk of identity theft. 

  • The association may have to pay a significant amount of money via a loss of funds, compensation to members, or other penalties. 

  • All business activity of the community association could be interrupted. 

  • The association could face a damaged reputation and a potential lawsuit. 


HOA/COA liability vs. management company liability – what’s the difference? 

Most management companies are required to carry cyber liability insurance because of the mass amount of data they’re storing on behalf of the associations they manage. If an individual homeowner’s information were taken hostage or used for someone else’s financial gain, and if that information were taken from the management company system side, that would be covered under the cyber liability insurance policy of the property management company. 

However, if a board member were working on his own computer, using his personal network, and somebody hacked in and got control of that network, that would fall under the HOA/COA’s cyber liability insurance policy. If information were taken under that board member's control, it could have happened due to the HOA/COA.


Can you clarify contractual indemnity as it relates to cyber liability insurance policies? 

If a contract (for example, a management agreement) mandates that the HOA indemnify (compensate) the management company for cyber incidents that emanate (originate) from the HOA cyber liability insurance coverage, this is a way to fund the indemnity agreement. This is why so many large management companies require their communities to carry cyber liability insurance – it’s a way to fund the indemnity agreement. 


What are the basic cyber liability insurance coverages? 

There are four key components to cyber liability insurance coverage: 

  • Social engineering – Phone calls, emails, or texts convincing people to hand over sensitive information or money; the social engineer pretends to be someone in authority who requests information or payment. 

    • Example: A board treasurer receives an email from someone pretending to be the association’s contractor requesting a wire transfer payment for recent repair work. The email looks legitimate, so the treasurer wires $50,000 to the account of the social engineer. 

  • Ransomware – Malware that encrypts a victim’s files; hackers often send fraudulent emails with a link to click (fake invoices are a common disguise for sending ransomware). Once the recipient clicks on that link, the malware is downloaded onto his/her computer. If the victim’s computer is linked to a shared server, all the files in that server may be encrypted. The hacker would then demand a ransom payment to release the files. 

    • Example: A board member in a gated community clicks on a phony email attachment, then her files are encrypted. One of those encrypted files is the gate access system, so the gates are locked down. No one can get in or out of the community until the association pays the ransom. 

  • Lost or stolen laptops – Lack of adequate security protocols on laptops of community managers or board members.  

    • Example: A property manager leaves her laptop in her car while running a quick errand. Someone breaks into her car and steals the laptop. The homeowners’ protected information is compromised, and the management company incurs a notification expense for every owner potentially impacted. 

  • Email errors – Honest mistakes that have potential legal consequences. Selecting “Reply All” or inadvertently letting “autofill” insert the wrong recipient’s email address could release sensitive information to the wrong hands. 

    • Example: In preparation for an upcoming meeting, the board secretary completed an agenda that included information on a fellow board member’s medical condition. This was meant for the board’s eyes only, but the secretary accidentally clicked the wrong distribution list and sent the agenda to the entire association. That secretary would be liable for breach of privacy. 


How much does cyber liability insurance cost? 

The cost ranges depending on the type of policy. Some directors, officers, and crime carriers will include a small layer of cyber liability insurance coverage within those policies. However, it’s not as comprehensive and doesn’t always include those first- and third-party coverages.  

If you’re getting a separate, standalone cyber policy, you can expect to pay anywhere from $250 up to $1,800. 

It also depends on the limit – for a policy that’s lower in the $250,000 range, you’re looking at $250-$500. For a limit closer to $1 million, the cost is closer to $1,500 or somewhat north of that. 


Still have questions? 

Thank you for joining us for a general overview of cyber liability insurance. FirstService Residential's Ask the Expert webinar miniseries aims to answer the most frequently asked questions of associations throughout Texas on a variety of key topics.

If you would like to learn more about protecting your association's most sensitive information, or submit a topic for our next Ask the Expert video, contact us at [email protected]

We'd like to thank our expert:

Greg Meyers

Senior Account Executive,
Labarre/Oksnee Insurance

Ask the Expert, Greg Meyers of Labarre/Oksnee Insurance

Thursday March 09, 2023