Cyber security breaches and attacks are not uncommon; in fact 26% of charities have experienced a cyber-security breach or attack in the last 12 months1. As COVID-19 has changed the way many charities and organisations work – from working remotely to increasing their digital footprint – cyber criminals have been presented with more opportunities than ever before to exploit security vulnerabilities of the organisations that they target.
With the percentage of charities stating that cyber security is a high priority for them having fallen over recent years1, we share nine reasons why it should remain front of mind for trustees and senior managers.
Your reputation is strength, so why not protect it?
When your systems have been compromised, you run the short term hazard of financial loss but also the longer term risk of losing loyal supporters, donors and fundraisers. This can also damage your reputation.
Insuring your reputation in light of a breach helps cover the associated costs, like engaging the help of a dedicated public relations firm as well as the loss of income that arise as a direct result of loss of custom.
Data is your most important asset…
Yet data is not covered by many standard property insurance policies. In the event that data is damaged or destroyed, it is unlikely that a standard property policy would pay out, which is why we recommend a cyber policy to provide comprehensive cover (up to full policy limits), that includes data restoration, no matter how the loss occurred.
You can be held liable for any third party data that is lost
Organisations hold more information on their supporters and suppliers than ever before. With the responsibility of protecting this information, charities should consider cyber liability insurance to ensure protection against non-disclosure agreements and contracts that contain indemnities and warranties in relation to this type of breach as well as consumers seeking legal redress in the event of lost data.
Cyber-crime is the fastest-growing area of fraud
Half of charities have multiple digital exposure points1 - whether that’s social media accounts to heighten brand awareness, platforms for customers to order goods or donate online, or even network-connected devices for employees to work remotely - in this ever evolving digital world, new crimes are emerging regularly and they can occur day or night.
Amongst the 26% of charities that have experienced a cyber-security breach or attack in the last 12 months, 79% had phishing attacks, 23% were impersonated and 17% had malware (including ransomware)1. These are just some of the crimes that a traditional insurance policy does not address. Cyber insurance can provide cover for a variety of threats that your organisation faces every day.
Operating systems are critical for your daily business…
But unplanned ‘downtime’ is generally not covered by standard business interruption insurance. From electronic point of sales to office reporting software and booking systems, many organisations rely on operating systems to manage their business. In the event of your charity suffering a computer virus, a hacking incident or even a malicious employee disrupting your services, a traditional business interruption policy may not respond. Cyber insurance can provide you with cover for loss of profits associated with a systems outage that is caused by such attacks.
Organisations face big penalties if they lose credit card data
The stakes are high. Fraud losses to the banks on UK credit and debit cards totalled over £620m in 20202 - and increasingly this risk is being passed onto the organisations that lose the data. Compromised organisations can be held liable for reissuance costs, investigation costs as well as the actual fraud conducted on stolen cards. Cyber insurance can help protect your business against these costs.
Portable devices increase the risk of loss or theft
A forgotten laptop on a train, a stolen iPad from a bag in a bar, or a lost mobile phone are all examples of how organisations can lose data ‘on the go’. Portable devices have become a necessity for many organisations as they move to more flexible working arrangements as a result of COVID-19, but they are unfortunately a target for criminals. Cyber insurance can help cover the costs associated with breaches of data should a portable device become lost, stolen or become the victim of a virus.
Social media is an effective business tool but claims are on the rise
Every second, on average, around 6,000 tweets are tweeted on Twitter alone3; information is shared and exchanged at the click of a button. How that information is presented can give rise to liability for organisations that are responsible for the conduct of employees on social media sites such as LinkedIn, Twitter and Facebook. Cyber insurance can help provide cover for claims that arise as a result of leaked information, copyright infringements or defamatory statements.
It doesn’t matter what type of organisation you are, small ones are targets too
Fundraising plays a vital role in the running of charities and the ability to raise capital has been impacted significantly throughout the pandemic. Small organisations may not have the financial resources to get things back on track after a security breach or data loss and with nearly one-in-three global targeted attacks being aimed at small businesses4, cyber-attacks are becoming one of the greatest risks a small business can face. This makes cyber liability insurance a must have to consider for the big, the small and everyone in between to help protect against the potentially crippling financial effects of a security breach.
How Gallagher can help
Gallagher delivers insurance solutions across all areas of the voluntary sector. Whatever your activities, your insurance protection must be intelligent, cost-effective and flexible - and offer peace of mind.
Our cyber liability insurance and cyber risk management services can not only help protect your business against the financial impacts associated with the scenarios detailed in this article, they can also help you to prevent problems from happening in the first place.
It is advisable to seek the expertise of a specialist broker to help you find an appropriate insurance solution for your business. If you need help with navigating the risks facing your business today, we would be delighted to help.
1. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021
2. https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202021-%20FINAL.pdf
3. https://www.dsayce.com/social-media/tweets-day/
4. https://www.thesslstore.com/blog/15-small-business-cyber-security-statistics-that-you-need-to-know/
CONDITIONS AND LIMITATIONS
This note is not intended to give legal or financial advice, and, accordingly, it should not be relied upon for such. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. In preparing this note we have relied on information sourced from third parties and we make no claims as to the completeness or accuracy of the information contained herein. It reflects our understanding as at 05/07/21, but you will recognise that matters concerning COVID-19 are fast changing across the world. You should not act upon information in this bulletin nor determine not to act, without first seeking specific legal and/ or specialist advice. Our advice to our clients is as an insurance broker and is provided subject to specific terms and conditions, the terms of which take precedence over any representations in this document. No third party to whom this is passed can rely on it. We and our officers, employees or agents shall not be responsible for any loss whatsoever arising from the recipient’s reliance upon any information we provide herein and exclude liability for the content to fullest extent permitted by law. Should you require advice about your specific insurance arrangements or specific claim circumstances, please get in touch with your usual contact at Gallagher.
