UK Charity Insurance understands the insurance needs of today's charities.



GDPR - Cyber Liability considerations for charities

Article posted: 17/04/2018


Unless you’ve been stranded on a desert island for the last few months, you’ll probably have seen these 4 letters on countless emails and, frankly, plastered all over the place. GDPR (the General Data Protection Regulation) has been heralded with as much fanfare and hype as the millennium bug, but what are its implications for your charity beyond potential changes to your data processing activity, including marketing, and the beefing-up of your cyber security?

Applying GDPR to your own charity

There are countless whitepapers and blog posts out there to help you with high-level considerations as you face the task of achieving compliance with these new Data Protection rules which come into effect on 25th May 2018. The data regulator itself, the Information Commissioner’s Office (ICO), has plenty of useful resources and guidance on its website too. However, you’ll have spotted that there’s very little specific advice about how the new regulations will apply in real terms to our sector. What’s more, you’ll have to work out for yourself what you need to do within your individual organisation to meet compliance.

You’ll be keen to ensure you’ve implemented the relevant policies, systems and controls in time for the deadline but what if you do get something wrong along the way or at some point later? What if, despite your best efforts, you suffer a data breach or someone accidentally leaves that infamous laptop on a train?

A quick word about penalties for failures and breaches

The ICO has the power to issue fines of up to €20m for the major breaches under GDPR. For more minor breaches this figure is halved.

Get your insurers involved

As part of your GDPR preparations you’ll want to include a conversation with your charity insurance provider about the indemnity limits under your Cyber Liability cover to make sure you keep in step with the financial exposure. It’s a relatively new and widely underrated area of insurance but one that will gain ever more prominence as our reliance on technology in particular evolves. Any insurance expert worth their salt should be able to exhibit a sound understanding of Cyber Liability cover and have a pragmatic approach when relating the risks to your charity.

In short, Cyber provides the protection you’d need following a data loss or security breach. It covers things like the costs of forensic investigation, data recovery, PR & reputational damage limitation, losses to third parties as a result of the breach and even the defence costs of an ICO investigation and, crucially, any resulting civil fine.

A full explanation of the main heads of cover typically provided under a Cyber Liability policy


Breach Costs - Practical support in the event of a data breach (electronic or otherwise) including forensic investigations, legal advice, notifying donors/supporters or regulators, and offering support such as credit monitoring to affected individuals.

Crisis Containment - In the event of a data breach, prompt, confident communication is critical to help minimise the damage to a charity’s reputation. A leading public relations firm is engaged who can provide expert support, from developing communication strategies to running a 24/7 crisis press office.

Cyber Business Interruption - Compensation for loss of income, including where it is caused by damage to your reputation, if a hacker targets your systems and prevents your charity's business from earning revenue. How else would you survive this type of catastrophe?

Cyber Extortion - Protects you if a hacker tries to hold your charity to ransom, covering any final ransom paid as well as the services of a leading risk consultancy firm to help manage the situation.

Hacker Damage - Reimbursement for the costs of repair, restoration or replacement if a hacker causes damage to your websites, programmes or electronic data.


Privacy Protection - Pays to defend and settle claims made against you for failing to keep supporters’ personal data secure including the costs associated with regulatory investigations and settlement of civil penalties levied by regulators where allowed.

Multimedia Liability - The policy includes protection if you mistakenly infringe someone’s copyright by using a picture online for example, or inadvertently libel a third party in an email or other electronic communication.


Cyber Crime - Covers direct financial loss following an external hack into your charity’s computer network. This could be theft of money, property, or your digital assets.

Telephone Hacking - Pays the costs of unauthorised telephone calls made by an external hacker following a breach of your computer network; includes traditional fixed-line telephony systems, as well as online systems (VoIP, Skype, etc).

If you’re confident your IT systems are secure…

…think about Carphone Warehouse, TalkTalk and the other large corporations like them that have entire departments devoted to IT security but who still suffered a data breach. You have to consider that it’s also often the human error element that lets the side down - employees or volunteers cleverly targeted by criminals and tricked into revealing information, files accidentally left in public spaces, security patches not installed, a rogue employee with a grudge or the desire to sell data for their own profit.

“I don’t know where to start and my insurance provider hasn’t given us much advice.”

If this is the first you’ve heard of the GDPR changes you might like to check out the ICO’s Data Protection Self-Assessment Toolkit as a starting point. Thereafter, if you need any help with marrying your cover levels to the risks highlighted we’d be delighted to arrange that for you. Rest assured that it’s not just the organisations with deep pockets that can afford Cyber Liability cover.

Final thoughts

Your donors and supporters want to be sure that you’re treating their data seriously, safely and securely. So aside from looking at how a data breach might affect your ability to operate, consider how it might affect them. Then give some thought to how you’ll defend yourself and reimburse them if you do, in all innocence, cause your supporters a financial loss. How will you manage the loss of reputation that would bring? How will you survive any downtime? Cyber Insurance is one big, easy answer.

To talk about Cyber Liability or any other aspect of insurance for your charity, community group, voluntary organisation, church or faith group please call 01424 205063 or Request a Charity Insurance Quote online.

To be the first to receive information like this in the future, plus occasional offers from UK Charity Insurance, please subscribe to our updates - we promise not to overdo it and you can unsubscribe again at any time.




© Chris Knott Insurance 2012. All rights reserved.