With all its benefits, the reach of the Internet can also carry risks, and where there is risk there is usually some kind of insurance to help deal with the damage.
As they must do with almost any aspect of philanthropic operations, nonprofit managers must decide about buying insurance, hoping bad things won’t happen but realizing that they can.
Erin Gloeckner and Melanie Lockwood Herman, project manager and executive director, respectively, of the Nonprofit Risk Management Center, wrote that making a decision about buying cyber insurance should involve three keys:
Understanding and evaluating the organization’s exposure to claims;
Working with a knowledgeable agent or broker; and,
Determining the budget for such coverage.
Once that decision is made, the following are the types of cyber liability coverages available:
Notification expenses. Almost every state has notification requirements.
Crisis management. This can cover the cost of retaining public relations counsel to minimize the damage.
Regulatory investigation expense. Both state and federal agencies can investigate and take action against a nonprofit that is negligent in guarding personally identifiable information.
Data breach liability. This will protect the organization against legal claims brought by a stakeholder who suffered a significant financial loss.
Content liability. This can range from copyright infringement and intellectual property claims to invasion of privacy or personal media injury.
* Data loss and system damage (or data restoration coverage). This covers the information stored in the organization’s computers, if not the computers themselves.
* Business interruption. This would cover events related to temporary or long-term shutdown of operations.