Diversity and inclusion, lawsuits, and cyber threats aren’t just concerns of for-profit companies. Non-profits also feel the weight of these emerging risks, though they have unique vulnerabilities to exposures.
“Diversity [at the non-profit board level] continues to get better, and strides have been made over the last stretch of time, [but] there’s a ways to go,” said Patrick Baker, non-profit D&O product manager at Travelers. “It’s being talked about at board levels within organizations. Interestingly, it’s also a point of emphasis for funders and other folks who provide the money to non-profits. It’s an area that they’re taking a closer look at, so that’s helping to drive some of those conversations within the boards themselves.”
However, the primary risks to non-profit boards that have been driving D&O-related claims are lawsuits, which can come from a breach of fiduciary duty, whether that’s associated with duty of care, duty of loyalty, or duty of obedience (the legal duties of board directors).
“Another big risk that we see is failure to fulfil the mission of the non-profit, and those claims can be brought by a number of different parties, whether it’s the folks that are the recipients of those services, or government regulators who often get involved if the non-profit is not doing what they said they [would],” said Baker, adding that non-profits’ tax exempt status is driven by having a mission and fulfilling it.
Finally, the mismanagement of funds is likewise an exposure facing non-profit boards because they might not have the expertise of a larger for-profit organization, and its leaders might be wearing many different hats.
The cyber threat is also on the radars of non-profits. While the recent slate of cyberattacks have focused on the financial sector, non-profits are similarly exposed to data breaches and ransomware.
“No matter the size of a non-profit, one of the unique exposures that they have from a cyber standpoint is oftentimes the donor information, which is unique to the non-profit sector. If you think about donor information, oftentimes that’s going to be names, addresses, and emails, but also financial information, particularly if you have a donor base that’s making recurring or regular donations,” said Baker.
Non-profits’ vulnerability to cyber incidents often relates to the size and sophistication of the organization.
“There’s certainly a heightened exposure on the smaller end where again, you have someone who’s involved in a lot of different activities for the organization, which speaks to the value of making the decision to purchase cyber insurance,” explained Baker. “For one thing, it responds should an incident happen, but there’s also tremendous value in some of the other services that come along with what we offer with the cyber product. There are a number of services that are available to policyholders that provide pre-breach [support], and that can be something like a cyber assessment. Non-profits can actually get a pretty good understanding of where they may have some holes in their systems and that’s available to our cyber policyholders as part of one of the benefits we offer with a policy.”