A large majority of non-profit and social service executive directors, boards of directors and risk managers are not aware that their standard insurance coverages (Commercial GL, Property, D&O, crime) typically don’t provide proper coverage for cyber liability. Most employees and IT professionals don’t know that they (along with their organization) have an exposure to cyber risks and how that exposure can pose a significant financial threat to their institutions. ENPICA is here to make sure you are covered.
- Financial Threats to Your Institution:
Costs to comply with federal and/or state required notification. Per individual, the average cost per record is estimated at $203
- Regulatory proceedings(including fines and penalties) as a result of a privacy breach. This includes HIPAA violations
- Employees (teachers, volunteers) and/or groups of affected individuals(alumni, current students, parents) suing for damages as a result of a privacy breach
- Liability for the transmission of malicious code to an outside party
- Denial of service attack on your network, causing computer system to go down and business interruption expenses
- Intellectual property/privacy lawsuits. These include libel/slander arising out of content that is on your internet or intranet sites
Any Non-Profit or Social Service organization that…
- Obtains social security numbers, drivers license numbers, bank account numbers of clients or employees
- Has access to patient medical records
- Is in the process of going ‘paperless’ or keeps paper files onsite
- Provides online access to sensitive data
- Allows laptops or access to their network from a remote location
- Relies on their computer network on a daily basis
…carries a significant exposure to cyber risk.
Claim Scenarios for Non-Profit Organizations
- Client information was on a case manager’s laptop that was stolen from her office. Files on the laptop contained patient names, social security numbers, dates of birth, addresses, phone numbers, medical condition information and case information
- Third-party vendor that hosted a foundation’s website experienced a security incident. Customers who donated to the organization may have had their names, dates of birth and credit card information accessed
- Adult day care’s computer network is down for 4 days as a result of a Trojan horse attack and are unable to provide any services as a result. There is a need to hire experts to correct their system and get it back to where it was functioning
- In an effort to go paperless, cleaning crew at a HIV awareness organization discards all employee files in an unsecured dumpster. Personal information of all employees is compromised and those affected join a class action suit against the non-profit
- Animal shelter holding a golf tournament posts information regarding the event on their website. As a result of the shelter not getting permission to use a golf company’s logo, they are sued for copyright infringement
If you are interested in getting more information, please contact us.