Loss of data is the biggest concern for charities in the event of a cyberattack, but just a third have cyber insurance in place, specialist insurer
Ecclesiastical has revealed.
New research from the insurer, which protects more than 45,000 charities and not-for-profit organisations, found that 77% of charities polled named data loss as their biggest worry, followed secondly by the cost of putting things right, and thirdly by the costs incurred as a result of breaching data regulations and laws.
The results come hot on the heels of a new Charity Commission report which highlights the need to raise awareness among trustees about the importance of protecting their charity against cyberattacks – and suggest that brokers have work to do in advising clients on their best methods of protection against risk.
“With many charities exploring alternative fundraising methods, including embracing digital, there’s no doubt they are facing and taking more risks,” David Britton, Ecclesiastical insurance’s charity director said. “Increasing cyber threats and new regulation such as the General Data Protection Regulation (GDPR) mean it is more important than ever for charity trustees to manage risk effectively.
“It’s also an opportunity for brokers to talk to their charity clients about whether they would be prepared in the event of a cyberattack or data breach, and whether their current insurance cover meets their needs.”
While charities may often focus on the financial cost, the short and long-term impacts of an attack include business interruption – such as the potential need to stop services temporarily – loss of income and third-party claims, Britton told
Insurance Business.
“Perhaps most costly of all, a breach in the security of an organisation’s technology can cause reputational damage,” he went on to say. “This is a particular consideration where charities are using donors’ data, but many charities also hold sensitive data on beneficiaries.”
The increasing use of digital platforms by charities and not-for-profit organisations is exposing them to an increased risk of cybercrime, and, according to statistics from the International Commissioner’s Office (ICO), data breach incidents for charities have increased by two thirds on an annual basis, Britton pointed out.
“Ecclesiastical’s own recent research with charities has shown that 17% have already experienced a cyberattack and that the larger the turnover of the charity, the more likely they are to have experienced an attack,” he went on to say.
As a result, having the proper insurance in place is critical, and both brokers and clients should be sure on what is covered by a policy.
“Conventional insurance policies may not cover many of the losses associated with cyber risks, such as the costs for dealing with the impact of data breaches, dealing with cyber liability claims, business losses from a cyber event, and cover that helps organisations with the impact of cyber crime,” Britton said.
“Specific cyber insurance can help cover these costs, but, also importantly, it can give charities access to expert advice and support e.g. IT, legal, forensic, and media/public relations when an incident occurs. This can help mitigate the financial impact of a loss or cyber event and any reputational damage,” he added.
Having appropriate risk mitigation steps in place is also vital for charities. Best practice includes having virus protection and good data management systems in place, as well as routinely backing up data and providing training.
Related stories:
Higher Insurance Premium Tax means less money for charity work
How do you insure someone who lives on less than £8 a day?