This trend is not expected to reverse any time in the near future, so it is easy to see that security measures alone are not enough to protect companies from the damage of cybercrime especially for not-for-profits which collect, use and store personal information. The extremely sensitive nature of this data greatly increases the potential risk for breach and damages which could result from such a breach.
While management at most not-for-profits believe a breach will never happen to them, current studies put the odds of a data breach occurring in an organization at 1 in 4. To paint an even bleaker picture, the average cost of a data breach for a U.S.-based organization is over $7 million. This can be distilled down even further, as breaches involving healthcare or similar organizations like not-for-profits had an average cost of $380 per record breached per a 2017 study by IBM Security and Ponemon Institute. When these factors are applied against the thousands upon thousands of records housed by an organization, you can see how quickly the bills could add up.
With most not-for-profits operating under tightly monitored budgets, the damages which could occur from a cyberattack have the potential to be devastating for the financial future of the organization. One potential tool which can help add an additional layer of protection is cyber insurance. Not-for-profit cyber insurance helps organizations recover from internet-based risks and attacks on their information technology infrastructure and sensitive data housed within, all of which are not covered under traditional general liability policies. Specifically, policies can cover damages such as denial of service, data destruction, data theft and/or extortion and defamation of reputation. Policies can also cover costs relating to incident response and remediation, forensic investigation and security. All of these can provide much greater peace of mind for management at a cost that can be surprisingly affordable.
Below is a breakdown of some key coverage areas worth exploring:
In order to determine which policy is right for your organization, it is important for the organization to first perform a network vulnerability test in order to create a cybersecurity risk profile so that they and their insurance provider know what level of coverage is appropriate for the risks that exist. As one would expect, policy limits are tied to the level of premiums and are key in selecting the level of cyber insurance needed by an organization. While it may sound like a good idea to have any cyber insurance, it is key to ensure you have adequate protection for the level of exposure potential that exists in your organization. As you can see above, it does not take anything more than an average breach to have steep costs incurred by not-for-profit entities.
It is imperative that management of businesses review their current IT security plan and look at adding not-for-profit cyber insurance as a final layer of prevention against the crippling financial impacts which cyberattacks can cause. Premiums are projected to remain affordable in the short term which may be seen as a bargain by management looking for peace of mind against a digital nightmare.
For additional information or if you’d like assistance in reviewing your current IT security plan, fill in the form below and one of our professionals will be in touch.