Skip Ribbon Commands
Skip to main content

Cyber Crime Liability Protection​


By Jeffrey Tirado, Regional Sales Manager, Ian H. Graham Insurance

Does an association you manage have a website? Does it conduct credit card or electronic funds transfer banking transactions on its website or through a third party vendor, or record or track unit owner, homeowner or volunteer information? Does the association use social networking media such as Facebook or Twitter? Do association staff and volunteers have access to sensitive information via laptops or other portable devices like smart phones?

If you can answer “yes” to any of these questions for an association you manage, it may be at risk of a potential data/security breach—the fastest growing crime in the world.

While the standard insurance coverage available to community associations covers general liability, D&O and commercial property, it typically doesn’t provide coverage for cyber liability-related claims. If left unprotected in the event of a cyber-liability claim, an association could be at significant financial risk.

What is a data/security breach?
A data/security breach is when sensitive, confidential data, such as personal identification or health information, trade secrets or intellectual property, may have been viewed, stolen or used by an unauthorized individual. Such breaches, called cyber-crimes, occur every day and cost those affected billions of dollars per year to investigate, repair company systems and websites, recover losses from the disruption of business, and even defend against lawsuits and rebuild a tarnished reputation.

Any organization—including homeowner associations—that houses or exchanges electronic data via a website or conducts business online is susceptible to a data/security breach. Roughly 75 percent of all organizations will experience at least one data-related violation each year, and expenses incurred from the theft or loss of sensitive data can be debilitating.

Although a security breach may be caused by someone intentionally hacking into a system, more often than not, it’s due to negligence; a lost or stolen laptop, smart phone or memory stick, or an unsecured IT network can lead to significant breaches. Any data in the wrong hands can cause  damage.

Data breaches are expensive
At least 46 states have mandatory notification laws, and if an association you manage experiences a data breach, affected customers and certain regulatory agencies must be notified. The association may have to prepare written alerts or press releases, and pay for printing, postage, advertisements or call centers to inform members and unit owners of the breach.

With your members/unit owners’ personal information exposed, the association also may be expected to pay for credit monitoring services for each person or household affected. Because the association had a duty to secure consumer information, it could face lawsuits for its breach of duty, which can result in hefty legal fees and years of litigation. An association also may be liable for a digital forensics analysis to determine how the breach occurred and the installation of new security systems to guard against future instances.

What is cyber insurance?
Cyber-liability insurance—sometimes known as data/security breach, network security or privacy insurance—extends an association’s D&O liability coverage to include coverage for claims related to third party unauthorized disclosure of nonpublic personal information or identify theft. Ian H. Graham now offers a cyber-liability and expense-coverage extension to its D&O policy.  It provides $50,000 to cover fees and expenses required to comply with a Security Breach Notice Law including notification, monitoring, computer forensics, attorneys/experts to negotiate with regulators after a privacy breach event and remediation of the deficiencies that gave rise to the privacy breach event. It also provides protection for inadvertent disclosure or theft of confidential information like social security numbers, bank account information and credit card numbers and helps protect against damage to computer systems and data from computer viruses, hacking and criminal activity.

Are the associations you manage protected? For details, contact Ian H. Graham Insurance at 1-800-621-2324 or via email at

The author, Jeffrey Tirado, is a Regional Sales Manager at Ian H. Graham Insurance, a division of Aon, the world's largest insurance broker. Ian H. Graham specializes in providing insurance, including Directors' & Officers' Liability, to community associations. For more information, please visit


This article is provided for general informational purposes only and is not intended to provide individualized business, insurance or legal advice.  The information contained in this article was compiled from sources that Aon Affinity considers to be reliable; however, Aon Affinity does not warrant the accuracy or completeness of any information herein.  You should discuss your individual circumstances thoroughly with your legal and other advisors before taking any action with regard to the subject matter of this article. Only the relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured.