Nonprofit leaders are often so focused on building and supporting communities that they forget to protect themselves and their organizations too.
If you have an office full of employees and volunteers, not to mention a board of directors, you need insurance. Nonprofits are susceptible to some of the same risks as the private sector, but they also face issues that are unique to the charitable sector. Securing sufficient coverage can be a challenge, especially since many nonprofits have smaller budgets and may not have the flexibility to secure all the coverages they need.
Leaders of nonprofit organizations must understand the risks and take steps to adequately prepare and protect against events that could threaten the viability of their organization.
Common Risk Exposures
A volunteer is injured at an event and holds the organization responsible. Fundraising donations go missing. A client is harassed by a nonprofit employee. Each of these incidents is a real possibility that opens the organization to risk and has the potential to lead to an insurance claim.
Although nonprofits are susceptible to a variety of risks, some of the most common include:
- Theft
- Fundraising fraud
- Reputational issues
- Property damage or loss
- Regulatory compliance
- Volunteer considerations
- Online security
A nonprofit that is hit with a cyber attack or a serious blow to the reputation may not be able to recover. It simply may not have the resources. It’s incumbent on the nonprofit leadership to protect the organization through risk management practices – including appropriate insurance coverage.
Build a Complete Insurance Program
When you begin to learn about insurance, the myriad of coverages can seem overwhelming. Many don’t even seem relevant. Although some specialty coverages may apply to your organization, a basic nonprofit insurance program requires 3 central coverages to manage the risk of the organization.
1. General liability protects and supports general business operations. It protects against claims of bodily injury, property damage and personal/advertising injury liability arising from the premises, operations or products. This coverage is quite broad and covers a range of risks. It’s kind of the blanket policy for the organization, and one most nonprofits are aware of.
Example: An underage potential adopter is bitten by a cat at your animal shelter, leading to a visit to the emergency room. The parent files a claim against the nonprofit for bodily injury.
2. Cyber insurance mitigates risk for breaches and other cyber events. It insures against a variety of data breach response costs, as well as public relations and crisis management expenses. Yet cyber insurance is not one-size-fits-all. Each policy must be tailored to the organization’s needs, based on its unique risks and exposures. A complete cyber policy should cover the following:
- The services of a privacy attorney to help navigate legal responsibilities after a breach
- A forensic investigation to pinpoint the cause of the breaches
- Coverage of the cost to notify potentially affected parties and provide credit monitoring services, as well as the cost of hiring a public relations firm to minimize reputational damage
- Liability defence costs, claim settlements, judgments, regulatory fines and penalties
- Damage to the IT network and digital assets, including any business interruption
Example: Hackers gain control of an organization’s donor database through a remote employee’s laptop and demand ransom to prevent release of the information online.
3. Directors and Officers (Management Liability) insurance protects your board of directors, who may be targeted in lawsuits and required to defend themselves. It guards against liability that stems from the business side of the organization, including employment-related issues such as wrongful dismissal and wrongful acts as fiduciaries of group benefits plans. Many nonprofits promise to indemnify their board members, but this is often a meaningless promise unless there is a large litigation defence fund – or an appropriate D&O policy.
The key here is that nonprofit leaders can be held personally responsible for the decisions they make. Even worse, they can be held responsible for decisions other leaders made simply because they sit on the same board.
Example: A wealthy family makes a donation to the nonprofit for a specific purpose, but the money was used in a way that the family objected to instead. The wealthy family files a claim against the directors for “wrongful” use of the money.
Finding appropriate insurance coverage can be a challenge. Yet in today’s world, it isn’t really feasible to operate an organization without coverage. The risks are just too high. Working with a specialist who truly understands the specific needs and challenges of the nonprofit world can ease the pain.
Contact a HUB Nonprofit expert for more information on assessing your information risk exposure, and creating a comprehensive information risk management and insurance program.