Navigating the Cyber Seas: How Associations Can Mitigate Digital Risks

25th January 2024

In this follow-up article by risk specialist Martin Linfield, Divisional Director at James Hallam Insurance Brokers, we delve deeper into the cyber risks confronting associations. These risks extend beyond events to encompass broader considerations within the association's overall operational landscape.

Technology is one of the greatest potential assets available to modern associations, however it is also a point of failure, where the unethical can potentially work their way into an organization and cause real harm or challenges. It is therefore vital to understand the risks inherent in technology, as well as the benefits.

In today’s digital world, associations face a multitude of cyber threats that can compromise their operations, reputation, and financial stability. Understanding these risks and employing effective strategies, including cyber insurance, is critical for safeguarding against digital dangers.

The main cyber risks/methods of attack can be listed as follows:

  • Phishing: A prevalent, and for many the best known, form of cyber-attack, phishing involves criminals using deceptive emails, texts, or calls to extract sensitive information or infect systems with malware. Associations, holding vast amounts of member data, are prime targets as this can include personal, professional and even financial information, all of which is of value to those looking to take advantage of others. 

A successful attack can lead to extensive legal costs and multiple claims arising from data breaches, not to mention the reputation damage to the association associated with large scale data breaches.

  • Business Email Compromise (BEC): This sophisticated scam involves hackers impersonating high-level executives to trick employees into making mistakes during their day-to-day activity. This can include disclosing sensitive information or even making payment requests and transferring funds.  

Such attacks can be particularly prevalent during hectic periods, prior to major conferences for instance. The criminals know when an association’s busy time is likely to be (due to great event marketing and publication of conference details) and this gives them the perfect window of opportunity to target organizations who are likely to already be under significant stress. Again, risks here include data and financial loss.

  • Ransomware: Ransomware attacks, which lock out users from their systems and demand payment for access, have become a significant threat, occasionally even hitting national headlines. For associations there are multiple risks that include but go beyond data and financial loss.  

The operational cost to being locked out of a system is significant – everyone knows how hard it is to work when something as fundamental as their wifi “goes down.”  Imagine how much bigger the catastrophe during peak activity times for associations such as membership renewal, member exams/assessments, conference registration or onsite event delivery.

These are the three biggest risk facing associations at the moment, but they are very broad in terms of their definitions, each one includes a host of additional risk that need understanding and mitigation. For most, this level of understanding is simply too great, which is why a new generation of cyber protection options exist. These range from expert organizations to specific tools and they include the choice to work with specialist cyber insurers.

The best cyber insurers go far beyond providing financial cover, using their expertise and knowledge to offer robust solutions that proactively prevent the cyber attacks in the first place.  

Examples include:

  • Attack Surface Monitoring: This service continuously monitors all digital assets of an organization, allowing associations to focus on their core activities. By identifying vulnerabilities in real time, associations can respond promptly to potential threats, enhancing their overall security posture.
  • Security Notifications: Cyber insurers swiftly notify organizations of any detected threats or vulnerabilities, guiding them on immediate actions such as patching or updating systems. For associations, this rapid response is crucial, especially during peak activity times, to minimize the impact of any breach and protect members and attendee information.
  • Supply Chain Risk Management: Recognizing that security is as strong as its weakest link, cyber insurance extends to monitoring third-party vendors and suppliers. This is especially pertinent for associations that rely on various external partners for education, financial event and other activities, ensuring comprehensive protection across all operational facets.
  • Partner Technology: Cyber insurers collaborate with leading cybersecurity firms to offer advanced tools and solutions at preferential rates. These partnerships enable associations to leverage top-tier security resources, further fortifying their defences against cyber threats.

In my last Boardroom article I emphasized the importance of regular insurance reviews for associations. In the digital age, cyber attacks are as prevalent as physical disasters and should be treated with as much respect and risk management. Associations rely heavily on technology for various functions, making them vulnerable to different forms of cyber threats.

The article also highlighted the necessity for comprehensive insurance coverage, such as professional indemnity insurance to protect against the legal disputes that can arise from online activities, which can in turn stem from cyber-attacks. It is vital associations review their cover and ensure they have sufficient in place. The economic landscape is changing and cover needs to change with it to ensure everyone is protected.

Ultimately, for associations navigating the complex digital landscape it is essential that they understand the spectrum of cyber risks and employ effective mitigation strategies, including robust cyber insurance. Regularly reviewing needs, staying informed about evolving threats, and partnering with insurance experts can provide a solid foundation for managing these risks, ensuring the longevity and success of the association in a digitally-driven world.

Hit enter to search or ESC to close