|"Responses to questions and requests were well above the average for a software vendor..."|
Cyber Threats to Sensitive Information a Growing Concern in Mortgage Industry
With increasing amounts of data available in cloud computing environments, companies like Mortgage Builder provide safeguards for clients' data
Southfield, MI, November 9, 2011 –The threat posed by cyber criminals has become an increasingly real and growing concern in mortgage lending, and one that has attracted the attention of Congress, as evidenced by recent hearings by subcommittees of the House Committee on Financial Services. Fighting cyber crime is becoming a priority for more parties than ever before, from the Department of Homeland Security to private firms and insurance companies. As former Homeland Security Secretary Michael Chertoff recently said, “People often ask how much of a threat this is. It’s not a threat – it’s actually happening.” Chertoff’s consulting firm says cyber criminals cause over $100 billion in mayhem per year worldwide, and some believe it has exceeded drug trafficking in dollar volume.
As a line of defense to protect its clients against loss caused by cyber crimes, mortgage loan origination software maker Mortgage Builder has carried “cyber liability insurance” (CLI) coverage for the last three years, well before the issue became public knowledge. It also has completed a SSAE 16 Type II audit. “We do not consider cyber liability insurance coverage to be just an option,” says Mortgage Builder Founder and CEO Keven Smith, “It’s a necessity. Cyber criminals have become more sophisticated as the amount of information available in cloud computing environments has grown. It is our responsibility to protect the sensitive information with which we are entrusted by both clients and borrowers.” A report by the Ponemon Institute, a U.S. based information security policy research center, states that the median cost of cyber crime increased by 56 percent over the last year and now costs companies an average of $6 million per year. (Source: Second Annual Cost of Cyber Crime Study, Ponemon Institute, August 2011). The information came from a self-report survey of 50 U.S. based businesses, and the company notes that many companies decline to report cyber crimes, implying the problem is actually far greater than previously thought.
Bill Mitchell, Mortgage Builder’s vice president and national sales manager, notes that cyber liability insurance is not required for LOS providers, partially because the issue surfaced in earnest only in the last year. But more lenders, particularly the community banks that make up 70 percent of Mortgage Builder’s prospective clients, have become keenly interested in cyber crime protection. “A top-25 community bank that recently became a client found in their due diligence that many LOS providers lacked cyber liability insurance coverage,” he says. “It is rapidly becoming a requirement in RFPs (Requests for Proposals) among lenders when considering new loan origination software solutions.” Mortgage Builder carries the maximum policy available, Mitchell says, which includes coverage to $2 million per claim, but notes that higher limits may be available for lenders seeking supplemental coverage through their own providers.
Mortgage Builder also sees a successful SSAE 16 Type II audit as an essential security safeguard, indicating that the American Institute of Certified Public Accountants has tested the organization’s ability to protect sensitive business data. This new audit designation replaces the SAS 70 Type II audit that represented the industry’s top audit designation up until this year. “This is another protection against information theft that is not required for LOS companies,” Mitchell states. “It involves on-site physical verifications of security measures, control objectives and activities by an approved, independent auditor. We recently passed our ninth consecutive audit with flying colors, and we are seeing more clients who appreciate the commitment it represents to safeguarding their information,” he says.
“We hope for the best but we plan for the worst,” Keven Smith says. “Staying ahead of the requirements and keeping clients as protected as possible from cyber crime is our preferred method of doing business.”
Contact Us Today:
For Client Support Inquiries