Impacts to the Nonprofit Sector as of October 2021

Author: John Farley


Throughout 2021 virtually every industry sector has been impacted by the tough cyber insurance market. As the pace of cyber attacks intensifies and increased cyber claim payouts continue, cyber insurance carriers are responding. The news isn't good for policyholders, including those in the nonprofit sector.

As recently as May, it became known that a Russian hacking group known as Nobelium targeted over 150 organizations worldwide, 25% of which were involved in international development, humanitarian and human rights work.1 This particular attack involved phishing emails designed to get victims to download malware or hand over sensitive data. It is no surprise that hackers are targeting nonprofits, as they often hold significant amounts of data that can be monetized, including donor banking records, payment cards and personally identifiable information.

Cyber rate changes by quarter from -0.7 in Q3 2017 to 27.6 in Q3 2021.

The reaction from cyber underwriters has been swift, and nonprofits are being subject to rate increases and decreased capacity. Moreover, those that are provided coverage terms are often finding that cyber insurance policies now contain co-insurance provisions, sub-limits and exclusionary language that can restrict coverage.

To prepare for what has become the most challenging cyber insurance market on record, nonprofits should focus on key data security controls, including but not limited to:

  • Use Multi-Factor Authentication
  • Patch management of known vulnerabilities
  • Properly configure Remote Desktop Protocol for remote workers
  • Back up data using encryption and test restoring from backups regularly
  • Maintain a vendor management program to address cyber risk in the supply chain
  • Prepare an incident response plan and test it via table-top exercises
  • Train staff to recognize and respond to cyber threats

By adhering to these and other network security best practices, nonprofits will be able to demonstrate to the cyber underwriting community that they are actively managing cyber risk, which should ultimately position them for more favorable results as they navigate the cyber insurance marketplace.

Based on the highly nuanced nature of this market, it is imperative that you are working with an insurance broker who specializes in your particular industry or line of coverage. Gallagher has a vast network of specialists that understand your industry and business, along with the best solutions in the marketplace for your specific challenges. It is extremely important to start renewals as soon as possible, work with your Gallagher team with dedicated expertise in this space to deliver a comprehensive and professional submission to underwriters.

Please note: A client's risk profile is the primary variable dictating renewal outcomes. Loss experience, industry, location and individual account nuances will also have a significant impact on these renewals.

Author Information


1Shead, Sam. "Russian hackers launch major cyberattack through U.S. aid agency's email system, Microsoft says,", May 28, 2021,


The information contained herein is offered as insurance Industry guidance and provided as an overview of current market risks and available coverages and is intended for discussion purposes only. This publication is not intended to offer legal advice or client-specific risk management advice. Any description of insurance coverages is not meant to interpret specific coverages that your company may already have in place or that may be generally available. General insurance descriptions contained herein do not include complete Insurance policy definitions, terms, and/or conditions, and should not be relied on for coverage interpretation. Actual insurance policies must always be consulted for full coverage details and analysis.

Insurance brokerage and related services to be provided by Arthur J. Gallagher Risk Management Services, Inc. (License No. 0D69293) and/or its affiliate Arthur J. Gallagher & Co. Insurance Brokers of California, Inc. (License No. 0726293).