Do You Need Not-for-Profit Cyber Insurance?

As the world we live in continues to become more interconnected, technology has allowed not-for-profits to provide services more efficiently while also increasing their ability to store and process the key data for those they serve. However, the push toward a fully integrated technological future has left many companies vulnerable to those who wish to access that data with an eye toward harming and not helping those in need. 2017 cyberattacks were estimated to cause $5 billion worth of damages worldwide, which is 15 times higher than the number of damages from two years ago despite record spending on cybersecurity.

This trend is not expected to reverse any time in the near future, so it is easy to see that security measures alone are not enough to protect companies from the damage of cybercrime especially for not-for-profits which collect, use and store personal information. The extremely sensitive nature of this data greatly increases the potential risk for breach and damages which could result from such a breach.

While management at most not-for-profits believe a breach will never happen to them, current studies put the odds of a data breach occurring in an organization at 1 in 4. To paint an even bleaker picture, the average cost of a data breach for a U.S.-based organization is over $7 million. This can be distilled down even further, as breaches involving healthcare or similar organizations like not-for-profits had an average cost of $380 per record breached per a 2017 study by IBM Security and Ponemon Institute. When these factors are applied against the thousands upon thousands of records housed by an organization, you can see how quickly the bills could add up.

With most not-for-profits operating under tightly monitored budgets, the damages which could occur from a cyberattack have the potential to be devastating for the financial future of the organization. One potential tool which can help add an additional layer of protection is cyber insurance. Not-for-profit cyber insurance helps organizations recover from internet-based risks and attacks on their information technology infrastructure and sensitive data housed within, all of which are not covered under traditional general liability policies. Specifically, policies can cover damages such as denial of service, data destruction, data theft and/or extortion and defamation of reputation. Policies can also cover costs relating to incident response and remediation, forensic investigation and security. All of these can provide much greater peace of mind for management at a cost that can be surprisingly affordable.

Not-for-Profit Cyber Insurance Coverage

Below is a breakdown of some key coverage areas worth exploring:

  • Notification expenses coverage: All states within the U.S. have notification requirements should a data breach occur. This means that your organization would need to allocate the time and resources to notify any potential clients, donors or employees which were affected, all of which can add up quickly. By obtaining notification expense coverage, your organization can be protected from this costly process.
  • Crisis management coverage: After all required parties are notified, your organization could face harsh criticism from the media and affected parties. Having crisis management coverage would allow your organization to cover the costs of hiring a public relations firm to minimize the defamation of reputation which could occur.
  • Regulatory investigation expense coverage: Both state and federal agencies can choose to investigate and take action against an organization they deem is negligent in safeguarding personal information. In addition, some policies offer coverages for the fines and levies that could arise from these investigations.
  • Data breach liability coverage: Any potentially affected person could bring a suit against the organization if their personal information was compromised due to the gross negligence of the organization. The data breach coverage would protect the organization from such claims.
  • Data loss and system damage coverage: While normal property insurance probably covers any computers which are owned by the organization, it would not cover the data stored on them. This coverage would allow the organization to be reimbursed for the costs of restoring the data, if possible, and sometimes even includes the costs for computer forensic analysis which would allow an expert to assess the scope of damage incurred.
  • Business interruption coverage: After a hack occurs, an organization’s systems may be down for an extended period of time relating to denial of service, damage to systems or inability to access key data. If this would cause the organization to close for a period of time, the loss of revenue could be extremely detrimental to the organization. This coverage would ease that loss of revenue from the organization not being able to operate following a data breach.

In order to determine which policy is right for your organization, it is important for the organization to first perform a network vulnerability test in order to create a cybersecurity risk profile so that they and their insurance provider know what level of coverage is appropriate for the risks that exist. As one would expect, policy limits are tied to the level of premiums and are key in selecting the level of cyber insurance needed by an organization. While it may sound like a good idea to have any cyber insurance, it is key to ensure you have adequate protection for the level of exposure potential that exists in your organization. As you can see above, it does not take anything more than an average breach to have steep costs incurred by not-for-profit entities.

It is imperative that management of businesses review their current IT security plan and look at adding not-for-profit cyber insurance as a final layer of prevention against the crippling financial impacts which cyberattacks can cause. Premiums are projected to remain affordable in the short term which may be seen as a bargain by management looking for peace of mind against a digital nightmare.

For additional information or if you’d like assistance in reviewing your current IT security plan, fill in the form below and one of our professionals will be in touch.

How Can We Help?

Previous Post

Next Post