You might think your organization doesn’t have information anyone would want, but that is a misconception. There are many types of cyber crime. The bank account and financial information for your organization can be used for the purposes of fraud. The personal information of your workers and donors can be used in identity theft, and the credit card numbers of your donors can be fraudulently used as well.
The simple fact is that hackers know smaller organizations don’t have the resources that large multinational corporations do, so they are easier to get at. And many nonprofits have even tighter budgets and fewer resources than your average small business Criminals might not get as much money, but it is far easier to get.
The best thing you can do is be proactive.We all know about securing devices and networks, but there are other things you can do to protect your organization in case the worst happens. Putting a policy in place for handling data breaches before one happens is essential. Staff education and training on security risks and how to correctly handle sensitive information is necessary as well. And getting cyber liability insurance is an excellent idea too.
You might not realize what is necessary to correct a data breach if it has never happened to you. The costs and effort required can be staggering, and they aren’t covered by traditional insurance products. The Wall Street Journal estimates that the average cost of remediation per record comprised is close to $200. If only 100 records are compromised, that’s $20,000!And that is just to inform the victims and provide credit monitoring. It doesn’t include costs like hiring someone to fix the problem and damage to your reputation.
It also doesn’t include litigation costs. Regulations that protect personal information like HIPAA, FISMA and PCI apply to nonprofits too. Even unintentional non-compliance can open you up to a lawsuit.
As technology advances, organizations are expected to do more to secure information. In the future, simply providing notice and credit monitoring to victims probably won’t be enough. With cyber liability insurance your organization will be prepared.