Cyber Security Liability Insurance Coverage for Nonprofits
Data breaches and cyber attacks have become much more common in recent years. In fact, last year there was a 62% increase in data breaches, according to the Symantec 2014 Internet Security Threat Report. While most of the media attention goes to attacks on large companies (such as Target, Home Depot and Sony), small organizations are just as much at risk – or more – from cyber attacks.
As most digital security professionals would say, “You have probably been hacked already and don’t even know it.”
Even a small nonprofit with only a few employees is at risk of a serious cyber attack that could cost thousands or even millions of dollars to recover. Worse still, the sensitive data needed to operate (such as SSNs, bank account numbers, etc.) could easily be compromised in the event of a cyber attack.
The average cost of a data breach is $201 per compromised record. If an organization, such as a nonprofit, has hundreds or thousands of records, the expenses of an attack can add up very quickly.
Why Organizations are Vulnerable
Hackers and cybercriminals have developed sophisticated ways of getting your organization’s data. Simply inserting the wrong USB key into the wrong computer or clicking the wrong email attachment can allow hackers to infiltrate your organization’s computers. If your organization allows employees to bring their own device to work, an employee can accidentally log onto a wrong wireless network or download an infected file at home without realizing it. Then, when that employee brings his or her device to your office, the infection can quickly spread.
Recent insurance claims reveal these kinds of attacks are becoming a common problem for nonprofits. For example, the managing director of a private not-for-profit college received a letter from an anonymous person who claimed to have hacked into the college’s computer database and stolen the application records of more than 20,000 prospective students. The individual threatened to release the personal information unless he was paid $1 million in cash by the college.
While most organizations know data such as social security numbers and bank accounts must be kept secure, some of the most vulnerable data is not always apparent.
“Donor lists are a major asset for a nonprofit,” says Scott Lockman, Director of Commercial Insurance for Clements Worldwide. “Sometimes donations by individuals are very sensitive and private. Not protecting that could cause a significant loss and even a public relations issue.”
Fortunately, there is a solution to cyber attacks that can protect a nonprofit’s ability to recover after a major cyber security breach.
A Solution to Cyber Attacks: Cyber Insurance for Nonprofits
While preventing an attack can be very difficult and costly (and also not guaranteed to work), organizations can protect themselves by obtaining cyber insurance.
Cyber Insurance helps with the cost of “cleaning up” after an attack. Types of costs covered include:
●Notification costs to let affected individuals know their data may have been compromised, including notices required by law (which vary by country)
●Crisis management & PR expenses to educate donors and volunteers about the cyber event and the organization's response
●Cost of regulatory responses to pay for the technical, legal, or forensic services needed to respond to government inquiries regarding cyber attacks; this would also cover the costs of fines, investigations, penalties, and other regulatory actions
●Litigation and regulatory expenses that help cover costs from penalties, lawsuits, settlements, and other legal expenses that result from cyber events
●Costs to cover stolen funds or data that were lost as the result of a cyber event
If you’re an international nonprofit, you have to know the regulations for responding to data breaches are in every country where a data breach occurred.
Finding the Right Policy
International nonprofits need to find cyber insurance from a provider that will guide them through what they need to do before, during, and after a cyber event, and can help guide them through regulatory requirements that differ by country. With over 65 years of experience in providing international commercial insurance, Clements can help protect your organization from these risks and offers cyber liability insurance coverage. Clements can also help you explore other coverages, such as business interruption, computer hardware and software loss and extortion coverage, based on the size and complexity of your business operations.
To gain more detailed insight into the risks nonprofits and NGO face, visit our NGO & Nonprofit Industry Hub.
Call us today at +1.202.872.0060 or 800.872.0067 or e-mail email@example.com to discuss solutions tailored to your nonprofit's insurance needs.