If you tried selling cyber insurance to nonprofits as few as two or three years ago—and found the hit rate too low to make the effort worthwhile—it may be time you tried again.
As recently as two years ago, low hit ratios were endemic in this niche area— for very specific reasons. But cyber insurance changes as rapidly as the tech industry as a whole, and it’s no longer the case today.
In the recent past, carriers were more uncertain of the risks than they are now—and their applications were long and onerous, requesting information that many nonprofit employees didn’t have. Most retail agents faced a huge challenge to produce applications that were acceptable to carriers.
This isn’t the case today. Some programs have applications with as few as four questions—easy for retail agents to ask and nonprofit employees to answer. Once the agent submits the risk, the hit ratios are high.
“Interestingly, we’ve found that the charity and nonprofit class of business has a 51% hit ratio, which is one of the higher classes of business,” says Ryan Collier, Chief Digital Officer at Risk Placement Services, Inc. “Clearly they are understanding the need, see the prices are very competitive, and realize that all entities will be hit eventually.”
“So much was unknown in this area of business up until recently,” adds Riley Binford, Executive Vice President of Charity First Insurance Services. “The insurance carriers continue to figure out their true liability. But there are programs in this space that have very streamlined application processes, and the hit rate is high for retail agents to present to their customers.”
And along with the hit rate, the need is growing.
Nonprofits—even small nonprofits—are particularly valuable targets for hackers. Nonprofit databases can contain extensive personal and payment information from donors, corporate sponsors, employees, board members, and volunteers. There’s also financial and sensitive information about the nonprofit itself.
While for-profit companies also collect valuable and sensitive information, nonprofits often don’t have the same resources to devote to comprehensive IT security measures. That makes them a very attractive target.
Nonprofits need more retail agents in the game who are willing to explain their risks and help them navigate the purchase of cyber insurance. With the risk to these organizations acute and growing, and the recent simplification of the application process, now is a good time to start or resume offering cyber insurance to nonprofits.