Many churches, ministries, and non-profits are starting to wrestle with the need for any kind of cyber liability insurance. This is a good thing to wrestle with and often generates more questions than answers. To be clear, I’m a tech guy, not a lawyer or an insurance representative but I am often asked about the need for cyber insurance and why it would be needed in the first place.
I believe the principles of stewardship require churches and ministries to be good stewards of everything. The obvious includes money and facilities, the less obvious includes the data we store and the personal information we manage. Enter cyber liability insurance.
The goal of cyber liability insurance is to protect your organization against financial liability due to data loss. This data loss, or breach, can be defined several ways. A breach can be external, where someone hacks into your network and steals data without your knowledge, or it can be internal where an employee takes your data to use to start their own business. In both cases the personal data you store has been compromised and the individual owners of that data may request compensation.
Other forms of cyber liability insurance can provide coverage if there is any physical damage to information technology systems and hardware as a result of the breach – think ransomware which can sometimes render computer hardware useless.
Here are a few things to consider:
- Define what you mean when you say “breach” or “loss”. Does this include loss from those with access who abused it or only those without authorization who gain access?
- Define what you want to provide to those who may have their data compromised. Credit monitoring? Attorney fees? Identity protection? What is the insurance coverage providing those whose data is lost?
- Consider the ramifications of not having coverage? Is it ok to just say we are going to be careful with your data or do you have data access policies, backed up by an insurance policy, showing your series about stewarding data properly?
- Remember why you carry insurance in the first place. If you wait until another ministry you know experiences a data breach before you act, it may be too late.
- You may already have some cyber coverage and just don’t know it. Check with your insurance representatives and ask them about their cyber coverage options.
You would never consider dropping your general liability insurance just because you’ve never had a claim or because none of your ministry friends have ever had a claim. Cyber insurance should be treated the same way.
Protect your data as Jesus protects you.
Jonathan Smith is an author, conference speaker, and the Director of Technology at Faith Ministries in Lafayette, IN. You can reach Jonathan at firstname.lastname@example.org and follow him on Twitter @JonathanESmith.