- Home »
- News »
- Sector News »
- 2023 »
- Partner News: Will your Association be denied cybersecurity insurance?
Partner News: Will your Association be denied cybersecurity insurance?
Cybersecurity insurance is an important risk mitigation strategy for Associations as cyberattacks continue to rise. This insurance provides financial coverage for data restoration, business interruption, regulator compliance and related risks.
However, obtaining and keeping cybersecurity insurance can be challenging for Associations for the following reasons:
- Lack of knowledge to answer the long list of questions on the cybersecurity insurance application form.
- Weak security management practices.
- Mistakes or omissions on the original insurance application.
- Not maintaining stated security management practices from the time of application to the time of a cybersecurity attack.
These issues can make it difficult to obtain and keep cybersecurity insurance. To avoid these, it’s vital that you understand your Association’s current practices and vulnerabilities, and to implement ongoing risk mitigations.
Given that most Associations outsource their IT operations to managed service providers (MSP), one way to start this process is to ask your MSP to do an Essential Eight audit. This Australian government-endorsed, Microsoft-focused audit will cover much of your infrastructure.
However, if you don’t have confidence in your MFP or want to cover a larger scope of work to include business processes, software applications and vetting of your service providers, you’ll need a customised audit.
I regularly help Associations with high-level cybersecurity risk audits customised for their unique needs. Please get in touch if you need a hand.
P.S. To read more articles about cybersecurity risks, check out these free resources here: https://roundboxconsulting.com.au/category/cybersecurity/
Tammy Ven Dange of Roundbox Consulting is a former charity CEO, Association President, Not for Profit Board Member and IT Executive. Today, she helps Not for Profits with IT investment decisions, including with cybersecurity risk audits.