Insights & News

Nonprofit & Religious Organizations Alert, December 20, 2016
Cyber Risk and Insurance: Three Resolutions for Nonprofits

December 20, 2016
Client Alert
As we move ever closer to the new year, it’s time for nonprofits to compile their New Year’s resolutions and, once again, cybersecurity should be near the top. While many cyber risk experts predict that the overall frequency of ransomware attacks in the coming year may decrease, they caution that attacks will be increasingly more sophisticated and focused, with small and mid-size entities directly in the crosshairs. In addition, this is the season when charities ask for and receive online donations. Credit cards, PayPal, and other internet-based means have made the giving easy, but raised the risk of cyber-thieves. There is also expected to be an uptick in sophisticated phishing attempts such as emails masquerading as gift or donation follow-ups which then steal private personal and financial data from the recipient, who is most likely one of your donors or supporters.

Resolution 1: Look into cyber insurance if you don’t already have it.
Cyber insurance can provide coverage for the costs of forensic investigations, legal advice, business interruption losses, post data breach notification expenses, credit monitoring costs, reputational harm, cyber extortion, and data loss or destruction. It can protect you against liability for claims brought by customers and employees suffering a breach of privacy due to a cyber event, claims for statutory privacy violations, and costs for responding to regulatory inquiries relating to a cyber event, including costs associated with investigations, fines and penalties.

Resolution 2: Make sure your cyber insurance coverage is sufficient.
Forty percent of U.S. policyholders who purchased cyber coverage in the last six months have already increased their coverage limit, according to the Council of Insurance Agents & Brokers. According to other experts, a wide variety of companies have also taken recent steps to bulk up their in-house expertise and infrastructure on cybersecurity and privacy as they look to develop prevention and response protocols before they need outside counsel.

Resolution 3: Know your inside risks.
Did you know that the biggest statistical risk to your private data and cyber protections is not an outside hacker, but an inside employee, either through malicious conduct or simply the careless loss of a smartphone or laptop computer? Did you know that some estimates for the cost to address, repair, and recover after a privacy breach are now said to average seven figures? Did you know that vendor contracts with a liability release could cause you to lose your cyber coverage if it impairs the insurer’s subrogation rights?

For more information about understanding your cyber risk and cyber insurance, please contact Craig Blackman or Jana Landon.

Information contained in this publication should not be construed as legal advice or opinion or as a substitute for the advice of counsel. The articles by these authors may have first appeared in other publications. The content provided is for educational and informational purposes for the use of clients and others who may be interested in the subject matter. We recommend that readers seek specific advice from counsel about particular matters of interest. 

Copyright © 2016 Stradley Ronon Stevens & Young, LLP. All rights reserved.

back to top