Cybersecurity breaches continue to mount, and the church is far from immune. In fact, sloppy and unmonitored systems, lack of policies and protocols, and failures to follow specific rules and government regulations can leave churches vulnerable and easy targets for cybercrime. These risks not only jeopardize sensitive data and threaten business continuity for churches, but they also can create financial and legal liabilities.

To help churches better understand the issues involved in cybersecurity and cyberliability, Church Law & Tax Report hosted a forum with three experts: Nathan Adams, partner with the national law firm Holland & Knight, LLP; Nick Nicholaou, president of MBS Inc., a team of IT strategists serving ministries, and author of Church IT: Using Information Technology for the Mission of the Church; and Lisa Traina, partner at Traina & Associates, a CapinCrouse company that focuses on data security and risk management.

How would you define cybersecurity and cyberliability?

Traina: In the short version, cybersecurity is the steps taken or measures and controls implemented to reduce the risk and impact of cyber issues—primarily things happening over the internet. And cyberliability would be the potential financial and legal impact of having poor cybersecurity practices in place.

Nicholaou: The only thing I would add is that liability is not only tied to not having good practices in place, but also to not following good practices.