The role of technology in conducting commerce continues to escalate at an extraordinary pace.

As such, most industry data, confidential customer and vendor records, business transactions, and essential, perhaps sensitive, company information are stored and accessible online. It is not surprising that there is a corresponding increase in the instances of cybercrime as the internet has rapidly become the new frontier for all interaction within and between the corporate, nonprofit, academic and governmental sectors.

As cybercrime perpetrators grow more sophisticated and successful, business and nonprofit leaders across all niches need to become more aware, more vigilant, and more proactive as well.

Leaders must be knowledgeable about the tools and resources they can use to protect their data.

By now every organization should have a disaster recovery plan as a part of their overall business strategy. Disaster plans of the past typically included best practices such as fire drills, preparation for an active shooter or some physical terrorist attack or hostage situation, readiness for natural disaster recovery in cases of a tornado or hurricane or even significant power outages, or how to respond to other foreseeable – and perhaps unforeseeable – challenges.

Disaster recovery plans of today, however, cannot ignore the threat from cyber criminals. These types of activities can become the most devastating of all, whether conducted against an entity or an individual in the form of personal identity theft. These situations are difficult to overcome, especially as our reliance on the internet, cloud storage, and other technology tools grows exponentially. While the physical structure must be protected, so too must care be taken to ensure the safety of all of the company’s assets.

Cybersecurity, which requires maintaining online privacy in the for-profit and nonprofit sectors alike – from shopping to banking to maintaining employee retirement plans to managing private donors’ details – is critical.

The new 21st century disaster plan, which has cybersecurity at the forefront, may include newly developed authentication tools, training for staff, constant caution regarding updating passwords, and continuously upgrading all initiatives that involve protecting the company’s systems.

Cyber insurance has emerged as a valuable component of any enterprise’s cybersecurity/disaster plan.

This special liability protection is defined as, “A type of standalone coverage that helps organizations recover after a major data loss due to a security breach, ransomware, or other cyber incident. Much like general liability insurance that protects in the event of a traditional, tangible calamity, cybersecurity insurance protects the organization in the event of a virtual calamity.”

Unfortunately, small to mid-size family-owned businesses and nonprofits, who are often the target of cybercrime, may find that the potential for business disruptions and the economic burden of a serious breach could cause them severe financial or reputational harm – from which it is hard to recover. As a result, cyber insurance is becoming a popular option.

Buyer beware!

As with any insurance policy or other similar service, the burden is on the business and/or nonprofit leaders to know the benefits and limits of the cyber insurance policy they purchase. They should, at the least, have a solid understanding of the wording regarding the extent and adequacy of the coverage and clarity regarding how the policy will complement and support their organizations’ overall disaster response.

Who needs cyber insurance?

There is almost universal recognition today that every organization can be a candidate for purchasing cyber insurance. Those who are charged with protecting other people’s money – such as Plan Administrators, TPAs and a range of business leaders including CEOs, CFOs, and HR Directors – are excellent candidates for cyber insurance because of their responsibility to safeguard their participants.

It is generally expected that a well written cyber insurance policy will cover several key areas:

  • Liability for privacy breaches, including the theft of confidential information, through unauthorized access
  • Extra expenses incurred due to unexpected down time or other related expenses that are the result of a security breach
  • The costs of restoring, updating or replacing lost data after a breach – as well as the costs of notifying all consumers/clients/customers and offering credit-monitoring services to all those impacted
  • The expenses involved in addressing cyber extortion, such as paying ransom to the perpetrators for data recovery
  • Coverage of costs that can result from related regulatory compliance

All responsible leaders should explore every option available to them as they endeavor to guard all data.

Don’t forget that there should be a public relations element in any recovery activities.

While an insurance policy can help to mitigate or minimize the monetary loss, managing negative publicity is, in most instances, equally important to consider when formulating a disaster plan.

Last word of advice

In conclusion, no leader can assume today that a breach ‘will not happen to us.’ Sadly, the old head-in-the-sand approach no longer provides proper security in the 2020 world of technology and beyond for any size organization!

If you are a Plan Administrator, or have a significant role in managing and monitoring your company’s retirement plans, please feel free to contact Elizabeth Harper at to schedule a confidential conversation or to be added to our email list.


Some of the details included here were researched at:

“What is Cybersecurity Insurance?” at

“What is Cyber Security?” Shweta Thapa

“Five Things You Need to Know About Cybersecurity Insurance” by Lucian Constantin at