Another Conversation About Nonprofit Cyber Liability

Nonprofit Cyber LiabilityIt seems like we hear almost daily now about cyber-attacks. We tend to believe that these attacks only happen to large companies because that’s what we read about in news. However, the statistics show that there are far more attacks on smaller companies including nonprofit organizations. Cybercriminals see smaller entities as “low hanging fruit” because they generally have less cyber protection and are easier to target. Cyber Liability is both easy to obtain and relatively cheap given the risks protected and is something all nonprofits should consider as part of their insurance program.

Cyber-attacks and the resulting damages are sometimes hard for us to wrap our heads around. These incidents are multi-faceted and can range from data breaches to intellectual property infringement to extortion to network security, etc. The average nonprofit doesn’t have a way to mitigate or deal with these risks so, it’s important to note that Cyber Liability coverage comes with access to experts and vendors that will step in and help you if a cyber-attack occurs.

Let’s look at a few examples…

Does your organization have a donor or client database?

Example #1 - Email Breach: The claimant, a food bank, had an unauthorized person gain entry to their email system which compromised personally identifiable information. First, they had to spend considerable resources to determine the extent of the breach. Then they had to immediately notify all those people (mostly donors) who had their information potentially stolen and offer them identity theft monitoring services for on-year. Lastly, they had to invest in better security for their network.


Does your organization rely on certain software or systems to operate?

Example #2 – Malicious Code: The claimant, a school, had a cybercriminal input a malicious code in their operational software. The teachers and students were no longer able to upload and download information and the student’s information was breached. First, the students had to be notified. Then they had to repair the malware that was installed. Lastly, they had to recover all of the missing data as well as establish a toll-free hotline monitored by experts for students and parents to address their concerns over the incident.


Does your organization rely on your website for donations or to provide information?

Example #3 – Ransomware: The claimant, a charitable foundation, had their website taken over and held for ransom. First, they needed to determine the cost (financial and otherwise) of paying the ransom versus shutting down the website and starting over. Then they needed to determine if any information was taken. Lastly, they had to secure their website with better firewalls.


All of the above situations were very time-consuming and costly. They all also had the potential to result in third-party lawsuits. Thankfully all three of the nonprofit organizations mentioned had Cyber Liability insurance otherwise they may have struggled to know exactly how to react or how to fix the problems.

There are other consequences to be considered as well. These include but are not limited to regulatory fines, loss of reputation, operational downtime, cost of new systems, loss of employees or clientele, etc. So, as we hear daily about more and more cyber-attacks and the costs both financial and otherwise of those attacks, we should all be more aware of our electronic activities and the safety of those activities.

If you would like to explore the cyber risks, your nonprofit faces and the cost of protection please don’t hesitate to reach out to us.




Recent Posts


See all