Over the past 12 months cyber risk has been a key focus for charities – not least because of all the work under way to ensure organisations are compliant with the incoming General Data Protection Regulation (GDPR). In the 2018 Institute of Risk Management’s Charities SIG ‘Top Risks Survey’, cyber shot up from outside the top 10 risks in 2017 to the number one risk for 2018. And when asked "What risks will still be with you in 2021?", respondents again voted cyber risk as number one.
What are the types of risk that your charity might face?
The key risk areas include deliberate external threats, such as hackers, and deliberate internal threats, such as disgruntled employees. There might also be accidental risks, such as employees and volunteers losing unencrypted electronic devices or being duped into disclosing confidential information through phishing.
How could you be affected?
Below are just some of the ways that cyber security breaches can cause problems for organisations:
- Having to pay costs or fines where your organisation breaches a third party’s privacy rights
- Losing out on sales or donations when a hacker takes down your website
- Costs incurred to get the organisation back on its feet
- Managing cyber extortion threats
- Responding quickly when incidents go viral and could damage your reputation.
Insurance cover available
Policies typically cover a charity’s out-of-pocket expenses, as well as claims by third parties, including:
- Cyber liability – your legal liability to pay third party claims against you, arising from a hacking attack or virus passed on by you or your cloud computing provider
- Privacy liability – your legal liability to pay third party claims against you because of a security breach
- Rectification costs to repair your own system damage
- Insurable regulatory actions and investigations including fines and penalties
- Privacy breach notification costs
- Telephone hacking
- Phishing scams
- Multimedia liability and advertising injury.
Insurance will not stop a cyber-attack, but what it will do is provide you with access to:
- Insurer claims teams that deal with such losses every day
- Specialist consultants who can identify what has happened and rectify the situation as quickly as possible
- Funds to pay for the work needed, as opposed to using your own reserves.
Cyber-attacks can happen to organisations of any size, so ensuring you have the right protection in place is the first step towards safeguarding the future of your charity.