For a charity, cyber security and risk are an ever-growing concern that should be at the top of your priority list. The consequences of a breach can be devastating to your reputation, which as we all know is paramount for an effective and attractive charity. A number of cases in the news demonstrate exactly how important it is to protect yourself from the risks associated with operating on cyber platforms.
This concern will only grow the more charities rely on technology to interact with service users, donors, suppliers, and the public. In this blog post we will be discussing the risks you are exposed to and how to protect yourself.
Have insurance in place that specifically covers the risk of data breaches
Given the current cyber climate, it makes sense for charitable organisations to have insurance in place that specifically covers cyber-related risks. Not only can your reputation take a hit should something happen, but there is also a risk of damaged technology, interruption of work, crime, lost income, and third-party claims.
Consider GDPR
Data is a big issue for charities, especially since the General Data Protection Regulation (GDPR) was established in 2018. If a data breach happens, specific cyber insurance can help take care of expenses such as investigation, legal fees, notifying affected parties and getting IT systems up and running again. It can also help with the public relations cost of managing media fall-out. It is now more important than ever for charities to ensure that they are on top of their data and the responsibilities that come along with it.
Cover yourself for cyber crime
Cyber-crime is another area of concern for charities, who may need cover for anything from an employee fraudulently syphoning funds into their personal account, to a cyber-attack that shuts down your organisation’s computer systems. Or you may find yourselves liable for costs if your organisation transmits a virus or infringes intellectual property rights.
Conventional insurance policies may not cover events like these. As specialists in the third sector, Ansvar has developed a comprehensive charity insurance product, offering cyber protection and covering the key cyber risks many not-for-profits face.
The repercussions of a cyber-security breach could be huge
In 2012, a hacker breached the British Pregnancy Advisory Service’s (BPAS) website and threatened to publish the name, address, date of birth and telephone number of 10,000 people who had contacted the charity about pregnancy issues, including abortion.
In its defence, the charity said it didn’t realise its website was storing this information and that it wasn’t secure. The result: a £200,000 fine and a severe blow to the charity’s reputation, not to mention the potential distress to its users, had their details been published.
BPAS is not alone. In 2016, both the RSPCA and the British Heart Foundation found to their cost that misusing donor data – whether knowingly or not – can be expensive and damaging to their reputation.
It’s worth noting that both of these events took place before the introduction of GDPR, so the implications, if this happened now, would likely be much bigger. GDPR can set fines of up to 10 million euros, or, in the case of an undertaking, up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher.
Who can help?
Realistically, cyber risk is here to stay. There is very little we can do to change the risk that something may happen, but brokers and insurers can help your charity be prepared and have the cover you need to bounce back when things in your cyber world go wrong.
We hope that this blog post has helped explain exactly what the risks are that your charity is exposed to, and why it is so important to protect yourselves from them.
Sarah Cox is the managing director of charity and faith insurance specialist, Ansvar, the sponsors of this piece.