CalNonprofits Insurance Services

Why Nonprofits Need to Pay Close Attention to Cyber Risk Now

Print Friendly, PDF & Email
Cyber security for nonprofits

Why do nonprofits need to pay close attention to cyber risk now? New changes caused by the COVID-19 pandemic have been a catalyst for newly emerging cyber risks. The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on April 8 regarding the growing use of COVID-19 targeted cyber attacks. In addition, the World Economic Forum has identified cyber risks and data fraud as being the third top concern for organizations worldwide. Lastly, nonprofit organizations are a traditionally vulnerable sector for cybercrime. Over 80% of nonprofits do not have a cybersecurity policy in place (NTEN). It is vitally important to begin making cybersecurity a priority. Nonprofits can do this now! Implement a written cybersecurity plan and ensure you are adequately covered in your cyber insurance policies.

Cyber Risks

The three main risks of a cyberattack for nonprofits are:

  • Data breach
  • Downtime of systems
  • Ransom demand

Unfortunately, nonprofits generally do not operate at the scale of large companies that make headlines, but the effects can be even more devastating when an attack occurs. Reputational damage, regulatory fees, and delayed business operations are examples of the types of high-cost losses that can occur. A phishing attack, for instance, costs nonprofits $1.6 million on average. Hosting your data in the cloud alone does not protect your organization from loss.

Remote Work Arrangements Are a Key Factor of Increased Cyber Risk

Temporary remote work arrangements for employees are a key factor in exponentially increasing cyber risk for nonprofits. Phishing, spoofing of apps, use of personal devices and residential networks while working from home, and lack of training on cybersecurity best practices are factors for this increased cyber risk. Nonprofits need to inform themselves of how to reduce these risk factors and educate their employees on best practices now, as well as when employees return to work. See our Work From Home Toolkit resource for helpful tips and guidance.

Written Cyber Security Plan

If your nonprofit does not have a written Cyber Security Plan, then make this a priority! Be ready to change your existing pans to account for changes due to the COVID-19 pandemic. A written Cyber Security Policy provides the measures you have in place to protect your organization from cyberattacks as well as your contingency plan should an attack occur. In developing your policy consider all business relationships such as employees, clients, business associates, partners, and third-party vendors. It should identify management’s roles and responsibilities and the organizational cybersecurity protocols. There should also be a protocol for how to report cybersecurity incidents. Be prepared with a robust cybersecurity policy.

Are You Covered For Remote Cyber Risks?

Nonprofits are well-advised to conduct a risk assessment to identify new cyber risks that have emerged from changes due to COVID-19. As such, you should review your organization’s cyber insurance policy to determine whether work-from-home arrangements and personal computing are included in the coverage. The definitions of “computing system” and “security event” in your policy will determine whether your organization is covered for losses that occur from a remote cyberattack. Your dedicated Sales or Service Team contact can help you with a risk assessment and policy review.


COVID-19: Does Your Cyber Policy Cover Remote Working Cyber Risks?

Cybersecurity: Threats, Consequences, and the Regulatory Framework

The Impact of COVID-19 on Cybersecurity

About the Author

  • Founded in 1984 as a subsidiary of the California Association of Nonprofits (CalNonprofits), CalNonprofits Insurance Services was established during a time of diminishing insurance options for nonprofits. One of the driving reasons for establishing the association was to use the collective influence of the sector to secure more stable and quality insurance. We have developed, and are known for, our wide spectrum of services reflecting expertise in both the insurance and nonprofit sectors, our superior customer service, and our development of exclusive insurance products, including a highly successful dental and vision trust. We insure more than 1,200 nonprofit organizations throughout California and we are the only California brokerage specializing in insurance for nonprofits. Our clients range from newly established nonprofits all the way to venerable organizations with multiple locations statewide.

Leave a Reply

Your email address will not be published.