Why charities need cyber insurance, regardless of their size
Covid-19 brought a sudden and near-total shift to remote working (and now a more measured transition to blended working), and many charities have had to re-examine their existing cyber security practices as a result.
In the past year 20% of charities have fallen victim to cyber attacks. Combined with the introduction of the General Data Protection Regulation (GDPR), this makes a trusted cyber insurance policy more necessary now than ever.
Ecclesiastical Insurance company recently conducted a study into charities and cyber insurance. It found that just half (52%) of the charities surveyed have a cyber security plan in place, only 42% had a specific cyber risk management plan, and only 42% had a cyber insurance policy in place.
The Cyber Readiness Report 2019 found that more than six out of 10 organisations experienced one or more cyber attacks in the last year. The report also found that the average cost of cyber events in the last 12 months for non-profit organisations was £19,502 per incident.
Your business is 10 times more likely to suffer a cyber breach than a fire or theft.
The National Cyber Security Centre have published a guide to help charities improve their cyber security.
So why are so many charities going without cyber insurance?
Common Cyber Myths:
‘We invest a lot into IT security so we don’t need cyber insurance.’
‘We use an outsourced service provider for all of our IT so we don’t need to buy insurance.’
‘We are only a small business so we wouldn’t be the target of any cyber attack.’
Hackers launch tens of thousands of attacks on organisations every day, and many specifically target charities because they believe that charity cyber security systems are likely to be less sophisticated than those of commercial organisations.
60% of small and medium-sized businesses that fall victim to an attack cease to exist six months later. But even if the cyber security breach is not terminal, here are some of the other devastating effects:
Loss of revenue
Fundraising is the heartbeat of any charity, but a successful cyber attack causes a drop in revenue in almost a third of cases, according to the Ame Group, with 38% of these cases seeing a drop of 20% or more. There are several reasons for this. A ransomware attack could make a charity’s CRM system unusable, preventing it from running targeted fundraising campaigns, and a cyber attack on a charity’s website could prevent supporters from making valuable donations online.
Loss of reputation
If hackers successfully steal supporters’ personal details, such as address and credit card details, the supporters may be less likely to trust the charity with those details again in the future, and this could lead to a lack of trust in the general competence of the charity as a whole.
Loss of productivity
Following a successful cyber security breach it is usually necessary to carry out a great deal of remediation work to restore data, disinfect systems and get them working again, improve cyber security measures, inform supporters if their personal data has been compromised, and carry out PR activities to try to minimise the harmful publicity which may ensue. All of this takes up staff time which would normally be spent on the charity’s core fundraising, service provision and other activities.
Costs of the cyber security breach
Cyber security breaches can be very costly in terms of fixing problems caused by hackers and getting systems up and running again – activities which may have to be carried out by outside cyber security experts. But there are also many other costs, including the cost of informing supporters that their personal data has been compromised, legal fees, and increased cyber crime or other insurance premiums. Failure to comply with the GDPR could also result in large fines.
How can Ascend Broking Group assist?
Our knowledge of the cyber sector goes well beyond the charity industry alone. This allows us to understand the wider risks linked to cyber and gives us the upper hand in making sure you’re protected.
Our Account Executives can be contacted inside and outside of office hours, so if a cyber incident ever does strike your organisation we will be able to assist instantly, along with your insurer.
As a charity trustee or officer you have a duty to protect your organisation’s assets and livelihood. You wouldn’t leave your building uninsured, so do not leave your charity’s finances, information and data uninsured and unprotected.