Will your Not for Profit be denied cyber insurance?
Cyber insurance is an important risk mitigation strategy for Not for Profits as cyberattacks continue to rise. This insurance provides financial coverage for data restoration, business interruption, regulatory compliance and related risks.
However, obtaining and keeping cybersecurity insurance can be challenging for NFPs for the following reasons:
- Lack of knowledge to answer the long list of questions on the cybersecurity insurance application form.
- Weak security management practices.
- Mistakes or omissions on the original insurance application.
- Not maintaining stated security management practices from the time of application to the time of a cybersecurity attack.
These issues can make it difficult to obtain and keep cybersecurity insurance. To avoid them, it’s vital that you understand your Not for Profit’s current practices and vulnerabilities and implement ongoing risk mitigations.
Given that most Not for Profits outsource their IT operations to managed service providers (MSPs), one way to start this process is to ask your MSP to do an Essential Eight audit. This Australian government-endorsed, Microsoft-focused audit will cover much of your infrastructure.
However, if you don’t have confidence in your MSP or want to cover a larger scope of work to include business processes, software applications and vetting of your service providers, you’ll need a customised audit.
I regularly help Not for Profits mitigate their cybersecurity risks including with High Level Risk Audits. Please get in touch if you need a hand.
P.S. To read more articles about cybersecurity risks, check out these free resources here: https://roundboxconsulting.com.au/category/cybersecurity/
Tammy Ven Dange is a former charity CEO, Association President, Not for Profit Board Member and IT Executive. Today, she helps NFPs with strategic IT decisions, especially around investments.

