Cybersecurity stats show that nonprofits are operating in an increasingly risky digital world. The University of Maryland estimates that hackers attack every 39 seconds – and CohnReznick has found that more than 70% of nonprofits have not run even one vulnerability assessment to evaluate their potential risk exposure.
In other words, many nonprofits are vulnerable to cyberattacks.
So, do nonprofits need cyberinsurance?
The answer is complicated. Cyberinsurance is increasingly on the radar for nonprofits – but determining whether you need it requires weighing a range of factors. To help you approach the decision strategically, let’s unpack some of them.
These considerations will help you to make an informed decision as you evaluate your nonprofit’s needs and risk profile. Your nonprofit cybersecurity strategy may involve cyberinsurance – but the solution will depend on your context.
Are you ready to take a strategic approach to cyberinsurance? Let’s dive in.
Cyberinsurance is a service that helps to reduce risk by offsetting the costs involved in recovery from cybersecurity incidents.
Perhaps the most common form of cyberinsurance is designed specifically to cover breaches (as opposed to outages or different types of hacks). For example, here’s how Nationwide defines their offering:
“Cyber insurance generally covers your business’ liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.”
While cyberinsurance has only recently become more mainstream, CIO Magazine notes that, as a concept, it’s been around for a while – the term was originally coined in 2005.
Generally, nonprofit cyberinsurance works much like other forms of insurance. Organizations pay a recurring premium to receive varying types and degrees of coverage against cybersecurity damages.
Some areas of coverage include:
Should an event occur, nonprofits will be required to provide supporting documentation to receive coverage (in the same way that car insurance policyholders must submit proof of damage to receive payments). Often, nonprofits must also show that there was no negligence on their part – that all reasonable steps were taken to prevent the attack.
With the what and how of cyberinsurance in mind, here are a few of the most common questions to consider as you evaluate your own nonprofit’s need for the service.
Generally, if you are processing payment information or storing personal data, your organization may be vulnerable to extensive cyber damages. In these cases, seeking coverage may make sense.
However, note that cyberinsurance, like other forms of insurance, varies in cost based on your level of risk. So, if you truly are higher risk, you’ll pay more for insurance.
This is a crucial point. There are many examples of organizations with extensive cyberinsurance packages going uncovered for damages. In 2013, for example, a health provider called Cottage Health System was held financially responsible for a data breach, even though the organization had cyber insurance – they were found to have been negligent in their cybersecurity upkeep, voiding their protection.
Coverage varies policy by policy, and may also vary depending on your organization’s actions. Don’t pay for insurance without ensuring you comply with requirements and that your coverage applies to the areas where it’s most needed.
Finally, consider your organization’s approach to cybersecurity. Obviously, a proactive and strategic approach to cybersecurity can reduce your risk, possibly reducing your need for cyberinsurance in the first place. As we’ve seen, though, it can also impact the cost you would pay for cyberinsurance.
If you take a strategic approach to cybersecurity and identify an area where coverage would be helpful, you may be able to get an affordable premium.
Hopefully, this information has been helpful as you evaluate cyberinsurance for your nonprofit organization. If you’re looking for more guidance – or to reduce the likelihood of cyber incidents in the first place – get in touch with us.
At Community IT Innovators, we’re experts in nonprofit cybersecurity, and we have worked with clients with and without nonprofit cyberinsurance – and cyberinsurance makes a big difference. We’ve found that many nonprofit organizations deal with more cybersecurity risks than they should have to after settling for low-cost IT support options they believe will provide them with the right value.
As a result, cyber damages are all too common.
We can help. Our techs are nonprofit cybersecurity experts. We constantly research and evaluate new technology solutions to ensure that you get cutting-edge solutions that are tailored to keep your organization secure. And we ensure you get the highest value possible by bringing 25 years of expertise in exclusively serving nonprofits to bear in your environment.
Whether you need help reviewing your cyberinsurance options or assistance in reducing the likelihood of an attack – if you’re ready to gain peace of mind about your cybersecurity, let’s talk.