With COVID-19 fundamentally changing the way business is conducted, companies of all sizes are finding the need to adapt. Nonprofits are no different. While the ways that communities are currently being served may have changed, overall missions remain strong.
The lifeblood of these missions, as always, is funding. With galas, auctions, dinners, and other fundraising functions currently on-hold, organizations have had to shift focus to online fundraising and digital campaigns to stay afloat.
In 2016, NetDiligence’s study on Cyber Claims showed nonprofits were affected as a top –five ranked industry overall. In the time since, the reliance on online giving has only grown, creating an even more prevalent exposure that all organizations need to seriously consider.
In 2018, The Nonprofit Technology Enterprise Network (NTEN) released a study discovering many organizations were not taking the appropriate steps to protect themselves:
- 68.2% of respondents did not have documented policies and procedures to mitigate cyber attacks
- 59.2% of respondents did not provide any routine cybersecurity training to staff
- Only 17.1% of respondents required using a management tool for storing and sharing user IDs and passwords
Cyber-attackers don’t discriminate by size and many low-skilled attackers will use widely available ransomware-as-a-service programs to attack smaller companies, which they view as ‘low-hanging-fruit’ due to smaller information technology budgets. The large amounts of personal information held by even small nonprofits make them targets. A multi-faceted cyber risk management strategy as well as cyber response plan, including clear written protocols, employee training, and cyber insurance is crucial.
Cyber Insurance protects your organization by covering losses resulting from data breaches, malware, and other electronic attacks. Policies traditionally include First Party and Third Party Defense.
- First Party Defense are costs incurred by the organization as the result of an attack, like informing your staff and volunteers that a breach has occurred, and the need to reconstruct lost data, are covered under this provision.
- Third Party Defense is the coverage applied to claims made by individuals or groups that have had their information stolen as the result of the cyber-attack on your organization. For example, legal fees incurred or judgements handed down after a lawsuit is filed by a volunteer whose identity has been stolen.
With so much work being done remotely, particularly around fundraising and charitable giving, a robust Cyber Risk Mitigation plan is more crucial than ever. Cyber Insurance, a critical component, needs to be part of yours.
Material posted on this website is for informational purposes only and does not constitute a legal opinion or medical advice. Contact your legal representative or medical professional for information specific to your legal or medical needs.