$1 trillion – cyber crime has been calculated to have the cost the global economy more than this amount in 2020. And if you’re thinking as a not-for-profit organisation, you’re not a key target for cyber criminals, you might want to think again. According to research, up to 1 in 5 not-for-profit organisations had suffered a crime, including cyber crime, during the preceding year. This sector is a lucrative target for cyber criminals for several reasons. Below we provide an overview of what cyber crime in the Not For Profit sector entails, how organisations can prepare, and how Cyber Insurance can help.
Why are Not For Profits at risk?
There are few organisations that aren’t at risk of cyber attacks in some way, but a few aspects of Charities and Not For Profits make them a particularly appealing target. Firstly, you’re likely to hold a lot of personal information about your clients and forms of identification. This type of information is valuable for cyber criminals as it provides them with an easy avenue for identity theft, where cyber criminals steal personal information to, generally, steal money or gain other benefits.
Another reason for Not For Profits appealing to hackers is their cyber security infrastructure tends to be less sophisticated compared to those of larger corporations. In addition, Not For Profits may not have the resources to protect their assets and data. The combination of these factors has made it even easier for cyber criminals to target charities and Not For Profits in gaining access to their systems and networks.
What could go wrong?
Cyber crimes and attacks can take many forms, such as malware, ransomware , business email compromise, phishing, and much more. To learn more about the different methods of cyber crime, see the ACCC’s The Little Black Book of Scams.
Here are a few claims examples of Aon clients who have experienced cyber attacks:
Sarah* is a volunteer for a local charity. As part of her duties, she performs administrative tasks, including uploading of client files to an online portal. The files she uploads often contain sensitive and confidential information about the clients. One day, she accidentally uploaded a particular client file under the wrong client, making their details visible to a third party. As this was a privacy breach, the charity was required to pay thousands of dollars to remediate the breach.
Alex* is an employee at a not-for-profit organisation. He received an email one day from the Operations Manager asking for their payroll banking details to be changed. Alex updated the bank details on their system, and the manager’s wages totalling $3,000 were paid into the new account. It was later however discovered that the Operations Manager’s email had been compromised, and the bank account details provided were that of a cyber criminal, pretending to be the Operations Manager.
Why the Cloud is not foolproof
It might be easy to assume that because you use a cloud-based application or provider, your systems are immune to unfortunate cyber incidents. But it’s important to remember cyber crime goes beyond hacking of your virtual networks – even using a computer in the office means that the device itself may be hacked. Furthermore, your data being stored in the cloud does not completely secure it from unauthorised access, use, theft, deletion or cyber extortion. Privacy breaches may result from unexpected sources such as a disgruntled employee.
Steps for prevention
There are a number of steps NFP’s can take in strengthening their defence against cyber crime. Installing appropriate security software, educating employees and volunteers and also restricting access to data to only those with immediate needs are just some of these steps. However, sometimes despite taking every step for prevention, organisations with even the most foolproof systems in place can be a victim of cyber crime due to hackers becoming more and more sophisticated in their methods.
This is why Cyber Insurance should also be an important consideration for Not For Profits. Cyber Insurance may help cover financial losses incurred as a result of a cyber attack or incident. To learn more about cyber insurance, read our flyer or contact Aon’s NFP team.
Subscribe to SME Talk
Aon has taken care in the production of this document and the information contained in it has been obtained from sources that Aon believes to be reliable. Aon does not make any representation as to the accuracy of the information received from third parties and is unable to accept liability for any loss incurred by anyone who relies on it. The recipient of this document is responsible for their use of it.