In May last year, a cyber-attack named WannaCry was launched on the NHS, and the very real threat of cyber-crime was brought to the forefront of many people’s minds. Over a year has passed since the event took place, and as a result the NHS has pledged to spend £150m on reinforcing their defences to avoid a repeat in the future.
But has the same approach been taken by organisations in the charity sector, for whom a cyber-attack could be devastating? According to a Twitter poll we conducted earlier this year, 25% of respondents felt that cyber-crime was the biggest threat to the charity sector, behind Brexit. And unfortunately the trend shows little sign of slowing down; a survey conducted by the Department of Culture, Media and Sport (DCMS) found that one in five charities suffered a cyber-attack last year.
Ensuring your organisation’s digital assets are well protected should be at the top of your priority list, and there are several steps you can take now to get the ball rolling.
A good place to start is by downloading our cyber assurance checklist. This will allow you to work through some of the areas that need to be addressed when it comes to online security. The checklist also contains some interesting case studies from other charitable organisations who have been involved in related incidents.
We sat down with Carolyn Williams from the Institute of Risk Management to discuss why charities should have cyber insurance. Find out what she had to say by watching our video.
It’s also advisable to have a cyber insurance policy in place as in the event that an attack does take place, there can be subsequent ramifications that need to be dealt with. A suitable insurance policy may include the following protections:
• Cyber liability: pays third party claims against you, arising from hacking or viruses passed on by you or your cloud computing provider.
• Privacy liability: pays third party claims against you due to a security breach and rectification costs that you incur in order to repair your own system damage.
• Privacy breach notification: pays for your own expenditure and when you incur costs for notifying third parties about the breach.
• Phishing scams: whether scams are via electronic communications or through your website, it includes the cost of rectification, reimbursement and consequential loss of income.
• Multimedia liability & advertising: covers your legal liability to third parties for defamation, Intellectual Property and copyright infringement, invasion of privacy and content liability.
• Cyber-crime: including computer cyber-crime, such as unauthorised electronic funds transfers, identity theft and online extortion.
• Telephone hacking: pays for the cost of unauthorised calls being made by a third party for whom you are charged.
Find out more about cyber risks over on the main Gallagher website.