Cyber risk is a major and growing concern for any organisation. For charities, the consequences can be especially devastating. Richard Lane takes a closer look at the problem – and how to keep charities covered.
In 2012, a hacker breached the British Pregnancy Advisory Service’s (BPAS) website and threatened to publish the name, address, date of birth and telephone number of 10,000 people who had contacted the charity about pregnancy issues, including abortion.
In its defence, the charity said it didn’t realise its website was storing this information and that it wasn’t secure. The result: a £200,000 fine and a severe blow to the charity’s reputation, not to mention the potential distress to its users, had their details been published.
BPAS is not alone. In 2016, both the RSPCA and the British Heart Foundation found to their cost that misusing donor data – whether knowingly or not – can be expensive and damaging to their reputation.
More technology means more risk for non-profits
As charities increasingly rely on technology and social media to interact with service users, donors, suppliers and the public, they are exposed to greater risks. These can take many forms, from damaged technology and interruption of their important work, to crime, lost income and third party claims.
A recent government report on cyber security noted that some charities had “incurred sizeable financial costs from a cyber security breach”, while the ICO reports that data breach incidents for charities increased by two thirds between 2015 and 2017. It’s small wonder that, in Ansvar’s FWD Annual Tracking Survey, from December 2016, 68% of charities said cyber crime was “an emerging risk causing them concern”.
What can be done to help charities when things go wrong?
Given the current cyber climate, it makes sense for charitable organisations to have insurance in place that specifically covers cyber related risks. Data is a big issue for charities and with the introduction of the General Data Protection Regulations in May 2018 there will be much stricter rules about managing and securing personal data. It will be more important than ever for charities to ensure they are on top of their data and the responsibilities that come with it.
If a data breach happens, specific cyber insurance can help take care of expenses such as investigation, legal fees, notifying affected parties and getting IT systems up and running again. It can also help with the public relations cost of managing media fall-out.
Cyber crime is another area of concern for charities, who may need cover for anything from an employee fraudulently syphoning funds into their personal account, to a cyber attack that shuts down their organisation’s computer systems. Or they may find themselves liable for costs if their organisation transmits a virus or infringes intellectual property rights.
Conventional insurance policies may not cover events like these. As specialists in the third sector, Ansvar has developed Charity Protect Plus: a comprehensive, online product offering cyber protection and covering the key cyber risks many not-for-profits face.
Realistically, cyber risk is here to stay. While we can do little to change that, brokers and insurers can help charities be prepared and have the cover they need to bounce back when things in their cyber world go wrong.
Richard Lane is managing director of Ansvar Insurance, specialists in the third sector.