Do Nonprofits Need Cyber Risk Liability Insurance?

While most headline-worthy cyber attacks stem from incidents that cripple massive corporations with billions of dollars in revenue, those companies are not the only ones at risk. In fact, smaller businesses are often more vulnerable to cyber attacks, even if they don’t have deep pockets.

Nonprofit organizations — no matter how noble their missions — are also vulnerable to cyber attacks. Understanding why nonprofits are prime targets for cyber attacks will help you show your nonprofit clients how they can benefit from cyber risk liability insurance.

Nonprofits: Prime Targets for Cyber Attacks

Ironically, the fact that nonprofits typically generate less annual revenue than larger companies is one of the factors that makes them more appealing to hackers.

Large companies have the resources to create a secure online presence, which makes their systems much more difficult to breach. While no systems are 100% hack-proof, the security measures employed by major corporations are robust and multi-faceted. Cyber criminals can spend months looking for a way in, only to come away with nothing to show for their efforts.

Distressed business woman finds out her business got hacked.

In contrast, small businesses and nonprofits typically have fewer resources to devote to cybersecurity. They may rely on basic security measures, which can leave them less protected. This ultimately leaves the average small business or nonprofit more vulnerable to a successful hack than a large corporation.

Risk Factors for Nonprofit Cyberattacks

When a nonprofit is the victim of a successful cyberattack, they can potentially face significant consequences. Most nonprofits engage in activities that are governed under specific data protection and privacy regulations, and a data breach can result in stiff penalties and lawsuits, not to mention a loss of reputation.

For example, if your organization engages in any of the following activities, a data breach can result in significant consequences:

  • Conduct e-commerce, such as selling merchandise via the organization website
  • Process donations
  • Collect information for event registration
  • Store and transfer personal information
  • Have newsletter subscribers

These activities often require storing sensitive personal information that hackers are after to use as leverage or sellable goods.

Assessing Cyber Risk for Nonprofits

To assess whether or not a nonprofit can benefit from cyber risk liability insurance, ask them the following questions:

  • What data do they store?
  • Is the data sensitive?
  • What do they do with our data?
  • Where do they store data?
  • Who manages their data?

Storing protected information on an insecure server, failing to have the right security protocols in place, and relying on individuals without the proper knowledge of cyber security to manage security are all red flags that nonprofit is at high risk. A successful cyber attack could be disastrous for such an organization.

Case in point: In a data breach, an unprepared nonprofit can find itself on the hook for millions of dollars in legal and settlement fees. One recent example was the successful attack on the nonprofit data services and software company Blackbaud, which suffered a crippling cyber attack in 2020. Many of Blackbaud’s clients filed lawsuits, claiming that the data leak potentially compromised their data and systems.

With such consequences on the table, every nonprofit that deals with or stores data should invest in cyber risk liability insurance. Doing so will also force them to review and shore up their security protocols, as it’s unlikely that a wholly vulnerable or defenseless nonprofit will be approved for insurance without doing so. Cyber insurance offers the dual benefits of helping to reduce the likelihood of an attack while providing a safety net in the event something does go wrong.

Additionally, because nonprofits are often smaller or less sophisticated, they are often at greater risk from social engineering and business email compromise attacks. We have seen this over and over again, where nonprofits are victimized when they are tricked into sending funds out to what they think is a legitimate vendor. Managing this risk can be simple, it requires a little employee training and making sure two people sign off on fund transfers and that they call a publicly available number for their counterparty and verify details over the phone.

Cyber Insurance Broker Tools for Nonprofit Clients

Ultimately, nonprofits face the same cyber risks of any enterprise, and are vulnerable to devastating consequences in the event of a cyber attack. Matching them with the right cyber risk liability insurance helps mitigate that risk.

To find the best insurance for your nonprofit clients, rely on our Cyber IQ Comparative Rate Platform. It allows brokers to instantly compare multiple quotes from multiple carriers, while our flexible Cyber Liability Insurance program offers broad coverage designed to cover privacy, data, and network exposures.

Click here to register for our Cyber IQ Comparative Rate Platform.