Spring Cleaning: Refreshing Your Risk Management Plan

As the flowers bloom and the days get longer, spring becomes the season of fresh starts, and that shouldn’t just apply to your junk drawer or email inbox. For nonprofits, spring is the perfect time to step back, dust off your risk management strategy, and make sure your organization is truly protected for the year ahead.

You wouldn’t skip your annual budget review or your year-end fundraising campaign, so why put off evaluating the systems and coverage that protect everything you’ve worked so hard to build? From safety protocols and cyber threats to outdated insurance policies, refreshing your risk management plan ensures your nonprofit can thrive, no matter what the year throws your way.

Here’s your spring-cleaning checklist for a smarter, stronger, more secure nonprofit in 2025.

Step 1: Revisit Your Risk Assessment

The first step in any good risk management strategy is understanding where your vulnerabilities lie. If your last risk assessment was done more than a year ago, or if your programs, staffing, or services have changed, this is your sign to re-evaluate.

Ask yourself:

• Have we added any new services or locations?

• Have we seen an increase in events, volunteers, or staff?

• Are we handling or storing sensitive data in new ways?

• Have any claims or near-misses happened in the past year?

These answers will help you determine where risk has increased and where additional protection might be needed.

Tip: Conduct an internal audit by department or program. Loop in team members, as they often see risk in places leadership doesn’t.

Step 2: Review Your Insurance Coverage

You’ve likely changed over the last year. So has the insurance landscape. Spring is the ideal time to make sure your insurance policies still fit your current reality.

Here’s what to look for:

General Liability Insurance

Still one of the most important coverages for nonprofits, this protects your organization from third-party bodily injury or property damage claims. If you’ve increased programming, added in-person events, or seen higher foot traffic, make sure your limits are keeping pace.

Property Insurance

If you’ve moved offices, acquired new equipment, or made upgrades, confirm those changes are reflected in your property policy. Don’t forget to include high-value items like laptops, audio/visual gear, or mobile assets used off-site.

Directors & Officers (D&O) Insurance

Have there been board changes? Are your board members making big decisions related to finances, layoffs, or restructuring? This coverage is critical for protecting your leadership from personal liability.

Cyber Liability Insurance

If you’re collecting donor data, managing online fundraising, or using digital systems for operations, cyber coverage is essential. Cyberattacks on nonprofits are growing rapidly, and even one phishing email can lead to a major breach.

Step 3: Update Internal Safety Protocols

From staff training to facility checklists, a good risk management plan lives in your day-to-day operations. Spring is a great time to review and improve how you keep people, and your reputation, safe.

Questions to consider:

• Are your facilities up to date with current safety and accessibility standards?

• Do you have clear protocols for accidents, injuries, or behavioral issues?

• Are volunteers and staff trained regularly on workplace safety?

• Is there a designated crisis communication plan in case of emergencies?

Pro tip: Create a “spring safety walk” where teams inspect their program areas, report potential hazards, and make recommendations.

Step 4: Refresh Digital Security Measures

Your website, donor platform, email list, and internal software are all potential entry points for cybercriminals. And with more nonprofits operating online, digital risk is now one of the most pressing threats facing the sector.

Here’s what to check:

• Are you using strong, unique passwords for all software and platforms?

• Is multi-factor authentication enabled for staff and admin access?

• Have employees received phishing or cybersecurity awareness training recently?

• Are donor databases encrypted and backed up securely?

If you answered “no” to any of these, it’s time to take action. Cyber liability insurance can offer financial protection, but prevention starts with systems and training.

Step 5: Engage Your Board and Leadership

Risk management shouldn’t be an isolated effort, and it needs buy-in from the top. Use this spring refresh as an opportunity to brief your board and senior leadership on where things stand and what needs attention.

Suggestions:

• Share a simple summary of your current insurance coverages.

• Review any open claims or near-misses from the past 12 months.

• Invite leadership to participate in an updated risk review or safety walkthrough.

• Schedule a board training session on D&O risks or cyber threats.

When your leadership understands the risks, they’re more likely to support the policies and resources you need to protect your mission.

Step 6: Partner with the Right Advisors

You don’t have to manage risk alone. A trusted insurance partner who understands the unique challenges of nonprofits can help you evaluate exposures, adjust your coverage, and make smart, strategic decisions about how to protect your people and your programs.

CalNonprofits Insurance Services works exclusively with nonprofits in California, offering coverage that fits your mission, not just your bottom line. Whether you're planning events, expanding services, or simply growing your impact, we’re here to help you stay protected, compliant, and confident.

Learn more about our insurance solutions for nonprofits

‍