Nonprofits Had to Pivot to Survive During COVID. Did They Inadvertently Create New Risks for Themselves?
2020 was the year of the pivot.
Office workers transitioned from commuting every day for their 9-to-5 to logging in from their living rooms. Restaurants shifted from in-person dining to delivery services and curbside pick-up. And we all took additional safety measures like wearing masks and increasing hand-washing to combat the global COVID-19 pandemic.
Even those in the nonprofit sector found themselves tweaking their models and services to work safely during the pandemic. Many nonprofit organizations shifted in-person events to virtual ones, changing their business model in the process.
Rather than accepting in-person donations, for example, a food pantry may have started accepting monetary donations and using delivery services to help get the food to the people in need. Shelters worked with city governments to set up arrangements with hotels so that homeless people could be isolated during the earlier days of the pandemic.
Other groups doubled down on efforts to keep their communities safe from COVID-19. Some nonprofits volunteered their spaces to be used as COVID-19 testing sites and later vaccination clinics.
“They didn’t blink an eye. Most nonprofits ventured ahead,” said Parvathy Sree, vice president of nonprofit underwriting at AmTrust Financial Services. “They zigged and zagged to get their mission accomplished.”
For many in the nonprofit sector, shifting business models was a matter of survival. One study found that the economic effects of COVID-19 put one in three nonprofits in financial peril due to a lack of donations and government funds.
But as nonprofits changed the way they do business in order to continue serving their communities, they may have inadvertently introduced new risks into their operations.
“Anytime an operation is changed, there are going to be new exposures and hazards,” said Jeff Corder, vice president, loss control at AmTrust Financial Services. “Even something as simple as adding a stepladder that they’ve never used before could create a large loss.”
Shifting Business Models, Shifting Exposures
The most significant pivot many nonprofits made this past year was shifting in-person work to a virtual environment. Charities held virtual events and fundraisers. Churches held services over Zoom or started podcasts to help people stay connected to their faith. Universities turned to digital classrooms.
Whatever the tool or platform they used, nonprofit organizations saw an increase in cyber risk when they moved online.
“Cybersecurity should be at the forefront of everyone’s thought right now,” said Ian Perry, underwriting manager at AmTrust Financial Services.
“In general, nonprofits don’t think that they’re susceptible to the same hacks or lawsuits that could come to a private company, but they definitely are.”
Preparing for cyber exposures is no small task. Attackers are becoming increasingly good at using human engineering to enter into an organization’s system through phishing attacks.
Spending on cybersecurity products and services is expected to exceed $1 trillion over the five-year period from 2017 to 2021, reporting from Cyber Crime magazine found.
And the costs of a risk management misstep are high. Cyber attacks cost organizations $3.86 million, per data from the Ponemon Institute.
Though some nonprofits saw increased risks as a result of shifting their business models, others saw a decrease in exposure due to ending some programs. Many nonprofits also saw a decrease in volunteers during the pandemic and consequently had to end some of their programs and services, such as summer camps. Others may have closed second locations, leading to a reduction in exposure.
“They’ll say, ‘Oh, we stopped some of the programs because we didn’t have enough people,’ ” Sree said. “So then their exposure is reduced and their premium may be reduced too.”
When Should Nonprofits Talk to Their Insurers?
Although their exposures may have changed mid-policy, most nonprofits won’t discuss these shifts with their insurers until it’s time for renewal.
For nonprofits who have put an end to certain programs and services, it is worth mentioning those shifts at renewal. “You can reduce exposure and get some premium savings,” Sree said.
If nonprofits plan to continue offering virtual programs, it’s worth investing in a cybersecurity policy to keep everything protected in the event of an attack. These policies often come with risk management services as well. AmTrust contracts a hotline for insureds to call with any cyber insurance questions, for example.
“We’ll help them find a way to address the hazards and exposures from a loss prevention standpoint,” Corder said.
“That can help for various employment-related questions as well as on the cyber front,” Perry said. “If they feel that they have concerns there, they can call our hotline and ask questions.”
If your exposures changed significantly because of the pandemic, it may be worth sending a message to your insurer mid-policy as well. Some insurers may be willing to make adjustments to a policy on a case-by-case basis.
“We take a lot of the insurance changes on a case-by-case basis, and then give them solutions,” Sree said.
This is especially important for nonprofits that may be allowing the state to use their spaces as COVID-19 vaccination clinics. In those cases, it’s important for insureds to understand who is picking up coverage for what elements.
“When they get a contract for a vaccine clinic, then we have to sit and say, ‘Okay, what is your exposure? What does your contract say? Who’s responsible when somebody falls sick? Who’s responsible for the vaccine? Who’s responsible for administrating it? Who’s responsible for the slip-and-fall claims?’ ” Sree said. “We help them navigate that situation.”
Many nonprofits won’t see many changes to their policies coming out of the pandemic.
“If they’re sticking to their mission and if their exposure doesn’t change much, for the majority of them, not much changed in terms of insurance exposure,” Sree said. &