A recent government report highlighted the need for charities to do more on cyber security. Whilst awareness of the risk is increasing the report highlighted a lack of awareness of the notion of cyber insurance. Liam Greene from Markel UK explains why your charity should consider a cyber insurance policy.
What are the risks?
Whilst it may be difficult to prioritise spending time and money on information security, the results of a cyber or data breach could have a significant impact on your charity.
If sensitive or personal data belonging to your staff, donors or service users is breached it can cause damage to your reputation.
A breach or cyber attack in your computer system could have a knock on effect and cause interruption to your daily activity, or a more serious impact on your ability to perform your core services.
There are a number of costs attached to a cyber or data breach including regulatory fines, legal costs and IT security costs, all of which can have an impact on your finances.
What are the threats?
There are a number of ways in which a cyber attack can occur and when it comes to information security, charities are the same as commercial organisations; they have assets, such as personal data that need protecting. Cyber risks can occur not only from external sources such as computer hackers, but from internal sources including data sharing and storage, homeworking and social media.
Loss or theft of data
The simplest and most common way which data can go missing is through the loss or theft of electronic or physical data such as a stolen laptop or lost paperwork.
Cyber crime is becoming increasingly common with fraudsters stealing personal data and threatening to release the data unless you pay a ransom.
Outdated software can leave your computer systems vulnerable to hackers.
Another common cause of data loss is through human error when data is emailed, posted or faxed to the wrong recipient.
Why consider cyber insurance?
Many charities will have IT security measures in place to protect against cyber risks, however it is also important to provide additional protection by purchasing a cyber policy.
Almost all organisations have personal data and a reliance on IT, however few have in-house capabilities for managing emerging cyber and data risks.
If the worst happens a specialist cyber policy acts as a first response and protects your organisation from the moment a data breach occurs. It covers your own losses as well as legal; IT security and regulatory costs that may occur to contain a data breach. A specialist policy may also offer risk management support and IT security advice to help mitigate the risk.
Liam Greene is professional and management risks line manager at Markel
Civil Society Media would like to thank Markel for its support with this article