Resiliency Holistic risk management planning remains essential to achieving goals. A comprehensive risk management strategy is crucial to ensuring nonprofits maintain a strong financial Case Study performance and reputation — and can ultimately determine their long-term resilience. A nonprofit that specializes in working with Unfortunately, many nonprofits are still taking a piecemeal at-risk youth reached out to HUB fearing it approach to preparing and responding to the many was under a ransomware attack, exposing risks they face, whether it be protecting their employees vulnerable patient and resident data. HUB or the populations they serve, responding to disasters, immediately put an action plan into place to or preparing for future challenges like climate change or cyber threats. Implementing an enterprise risk minimize access to emails and other sensitive management (ERM) strategy creates alignment within the information. After bringing in forensic organization — from the CEO and board members to staff accountants, it was determined there was no and volunteers — which is critical to managing the inherent data stolen during the event. risks of operating a nonprofit. The client was not only relieved that the A well-structured insurance program with adequate impact was minimal and resulted in a total limits is an integral part of a nonprofit’s comprehensive risk management strategy, but limited carrier capacity claim under $60,000, but the organization for critical coverages like sexual abuse and molestation also took the opportunity to train its staff to and higher insurance rates has made it difÏcult for many be better prepared in the future. nonprofits to get the coverage they need. With sexual abuse and loss payments against youth- serving organizations reaching as high as $10 million majority are simply not doing enough to mitigate cyber in some cases, capacity is unlikely to improve anytime risks and the financial and reputational damage that 9 soon. In fact, 92% of carriers expect the sexual abuse and comes with it. molestation market will harden in the next three years, with 85% of carriers projecting higher premiums and 78% According to the HUB survey, only 29% of respondents Case Study anticipating increased underwriting requirements that from nonprofit organizations have cyber insurance to 10 Companies include organizational abuse risk processes. protect their organization. A nonprofit that specializes in working with at-risk youth reached out to HUB fearing it was that do not implement proven sexual abuse prevention under a ransomware attack, exposing vulnerable patient and resident data. HUB immediately policies will face serious challenges ahead. put an action plan into place to minimize access to emails and other sensitive information. After Nonprofits must also work proactively to protect against 9. Praesidium, “Praesidium SML Report 2024,” accessed September 5, 2024. bringing in forensic accountants, it was determined there was no data stolen during the event. cyber-related threats as their dependence on technology 10. Praesidium, “Insurance Carrier Benchmarking: Sexual Abuse and Molestation Liability,” April 2023. The client was not only relieved that the impact was minimal and resulted in a total claim under increases, including artificial intelligence, to run their organizations and process financial transactions. The $60,000, but the organization also took the opportunity to train its staff to be better prepared in the future. 5