Author: John Farley
Throughout 2021 virtually every industry sector has been impacted by the tough cyber insurance market. As the pace of cyber attacks intensifies and increased cyber claim payouts continue, cyber insurance carriers are responding. The news isn't good for policyholders, including those in the nonprofit sector.
As recently as May, it became known that a Russian hacking group known as Nobelium targeted over 150 organizations worldwide, 25% of which were involved in international development, humanitarian and human rights work.1 This particular attack involved phishing emails designed to get victims to download malware or hand over sensitive data. It is no surprise that hackers are targeting nonprofits, as they often hold significant amounts of data that can be monetized, including donor banking records, payment cards and personally identifiable information.
The reaction from cyber underwriters has been swift, and nonprofits are being subject to rate increases and decreased capacity. Moreover, those that are provided coverage terms are often finding that cyber insurance policies now contain co-insurance provisions, sub-limits and exclusionary language that can restrict coverage.
To prepare for what has become the most challenging cyber insurance market on record, nonprofits should focus on key data security controls, including but not limited to:
- Use Multi-Factor Authentication
- Patch management of known vulnerabilities
- Properly configure Remote Desktop Protocol for remote workers
- Back up data using encryption and test restoring from backups regularly
- Maintain a vendor management program to address cyber risk in the supply chain
- Prepare an incident response plan and test it via table-top exercises
- Train staff to recognize and respond to cyber threats
By adhering to these and other network security best practices, nonprofits will be able to demonstrate to the cyber underwriting community that they are actively managing cyber risk, which should ultimately position them for more favorable results as they navigate the cyber insurance marketplace.
Based on the highly nuanced nature of this market, it is imperative that you are working with an insurance broker who specializes in your particular industry or line of coverage. Gallagher has a vast network of specialists that understand your industry and business, along with the best solutions in the marketplace for your specific challenges. It is extremely important to start renewals as soon as possible, work with your Gallagher team with dedicated expertise in this space to deliver a comprehensive and professional submission to underwriters.
Please note: A client's risk profile is the primary variable dictating renewal outcomes. Loss experience, industry, location and individual account nuances will also have a significant impact on these renewals.