As technology and the internet continue to expand, it’s filled with related risks as hackers look for ways to financially benefit from this online world. While several major retailers have made the news, data breaches among churches or schools has remained relatively quiet. That said, there has been an uptick in activity within the last couple of years and it’s not showing any signs of going away. In fact, it’s clearly a growing problem so the time is coming when you may need to budget for cyber liability.
Let’s take a brief look at what a Cyber Liability policy covers.
- It protects you in the event of a data breach. A data breach is defined as an incident where information is stolen or taken from a computer or online system without the authorization of the system’s owner. Stolen data may involve sensitive or confidential information such as credit card numbers, checking account numbers, social security numbers, etc. A cyber liability insurance policy hires the experts you need and guides you through the process. If you incur an actual breach, you would be reasonably safe to assume that costs would start around $20,000 to $30,000 and end likely higher.
- It protects you in the event of ransomware – a seemingly ever-growing problem. This is where malware and viruses can hold a church’s data hostage until a ransom is paid. Also phishing emails that cyber criminals use to defraud unknowing victims who will receive an email that appears to be coming from a church authority but is in fact from a criminal.
- It protects you in the event of a liability litigation. True, you are probably not going to get hit with a major lawsuit from one of your church members in the event of a data breach but there are other areas of exposure such as potential liability resulting from Facebook, Website, the posting of photos and just anything related to the internet and your use of it.
Beyond the actual loss incurred by a cyber event, keep in mind that if you’re handling this on your own you may be distracted from your ministry and you likely will spend hundreds of hours and thousands of dollars doing damage control. This could include conducting a forensic investigation, notifying everyone about what happened, paying for credit checks and just trying to figure out what went wrong. Dollars that could be spent on ministry.
Speaking of dollars – what does a Cyber Liability policy costs. This is of course dependent on a few factors, including the amount of the exposure (i.e. small church versus large church, average revenue, etc.) so the costs are strictly relative to the amount of financial exposure. Admittedly the costs have increased recently, mainly due to the amount of cyber activity, but like most insurance, it’s simply a measure of weighing the costs versus the potential loss of both revenue and time.
Bottom line – does my church or school need cyber insurance?
Yes, most likely you do – or soon will. Cybercrime is on the rise and the frequency and creativity of cyber thieves is increasing. As organizations utilize an increasing number of applications, devices, and other technology services to enable their ministry, they also become more vulnerable to attacks. And most General Liability and Professional Liability policies do not address the exposure you have to cyber risks. While some companies provide cyber coverage within the policy or it’s offered as an option, the coverage limits are typically nominal. That is of course better than nothing, but in the event of an actual event, you could still find yourself heavily engaged in the resolutions and likely out thousands of additional dollars.
Emerging Trends With Multi Factor Authentication
With the rapid rise in cyber claims, particularly with respect to ransomware prevention, in just the past couple of months, we’ve seen multi-factor authentication (MFA) (sometimes referred to as two-factor authentication) beginning to be a requirement. If your organization uses any type of Remote Desktop program which allows you to connect, access, and control data and resources on a remote machine – just as if you were doing it locally – a multi-factor system will likely need to be in place. Implementing an MFA seems to be relatively easy and cost effective; we’d recommend that you check with your IT company.
Just A Few Tips On How To Better Protect Your Organization From Becoming A Cyber Victim
- Watch for misspelled website and email addresses.
- Avoid clicking on links unless your confident of the source.
- Watch for communications that express a sense or urgency and asks you to take action quickly.
- Be wary of emails about expiring passwords; often with a link to keep passwords active and updated and those that indicate you have prior emails that were held based on a security check and suggests a review of those via an attached file.
- Do not make a change to payroll or an employee’s bank account via email request only – always verify with a phone call.
- Avoid content that says you’ve won a prize or contest.
- If you’re at all suspicious, call or email separately to confirm the validity of an email.