Navigating Cyberliability Insurance

General liability and cybersecurity insurance are not the same thing, and church leaders do well to understand the differences.

As church boards and pastors work to train staff members—and themselves—to spot cybersecurity scams before they take hold, cyberliability insurance may become part of the conversation.

And churches that assume general liability policies cover cyber-related claims could be in for a rude awakening.

It’s why insurance coverage for cyber-related incidents is a growing, albeit imperfect, coverage area. Church Mutual, for instance, offers cyber liability coverage limits that typically range from $50,000 to $1 million for a claim, according to a company spokesperson. 

Cyberliability insurance is expensive

However, leaders should note that the long-term sustainability of cybersecurity insurance remains in question.

The costs for insurers to provide coverage continue to climb, and so monthly premiums are climbing, too.

Marsh, one insurance broker, reported premiums jumped 28 percent at the end of 2022. They jumped another 11 percent at the beginning of 2023, according to business news site Raconteur. As rates climb and become less affordable, insurers are scaling back the scope of policies, according to the article.

Meanwhile, the federal government is considering federal insurance for organizations that maintain minimum security standards, according to the article.

About one-quarter of all cyber-insurance claims do not receive full coverage, due to policy exclusions, according to Today’s General Counsel.

Stay on top of coverage changes

As a result, churches should regularly review what is and isn’t covered with their cyberliability coverage, said Jonathan Smith, technology director for Indiana multi-site church Faith Ministry, and an advisor-at-large for Church Law & Tax

Smith, who also advises other churches and nonprofits in technology cybersecurity issues, said carriers also have been known to push back on claim coverage dates.

One church, in particular, ran into problems regarding whether the carrier would cover a claim based on the date the breach occurred or the date it was discovered, which was months later.

The losses suffered by the church between those dates were sizable, he added, so the carrier’s initial reluctance was a major concern.

Carrier also require policyholders to demonstrate cyber readiness and security to get coverage. Any shortcomings can jeopardize coverage of a future claim, noted Rusty Goodwin.

Goodwin is an organizational efficiency expert who co-presented a July 2023 webinar for the Evangelical Council for Financial Accountability (ECFA). 

Churches also should review their directors and officers insurance, Goodwin said.

The reason: claims brought against a church after an incident sometimes name the individual church leaders as defendants.

Create a culture of compliance

Prioritizing cybersecurity goes beyond insurance, though. Training and technology play a part, too.

Churches should view cybersecurity as a matter of urgency, and such urgency starts with church leadership, Goodwin said during the ECFA webinar.

Churches become more secure when their boards prioritize it, and failure to do so may even constitute a breach of fiduciary duty by board members, he said.

Sometimes church leaders protest the perceived costs associated with building a stronger “human firewall,” and beefing up technology, said Jay Cordova, Goodwin’s co-presenter.

When that happens, Cordova reminds leaders of the actual costs should a cybercriminal ransom a church’s most sensitive data.

While no organization can guarantee 100-percent safety, “compliance as a culture” can harden the defenses of churches, Goodwin said. 

Matthew Branaugh is an attorney, and the content editor for Christianity Today's Church Law & Tax.

This content is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. "From a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations." Due to the nature of the U.S. legal system, laws and regulations constantly change. The editors encourage readers to carefully search the site for all content related to the topic of interest and consult qualified local counsel to verify the status of specific statutes, laws, regulations, and precedential court holdings.

ajax-loader-largecaret-downcloseHamburger Menuicon_amazonApple PodcastsBio Iconicon_cards_grid_caretChild Abuse Reporting Laws by State IconChurchSalary Iconicon_facebookGoogle Podcastsicon_instagramLegal Library IconLegal Library Iconicon_linkedinLock IconMegaphone IconOnline Learning IconPodcast IconRecent Legal Developments IconRecommended Reading IconRSS IconSubmiticon_select-arrowSpotify IconAlaska State MapAlabama State MapArkansas State MapArizona State MapCalifornia State MapColorado State MapConnecticut State MapWashington DC State MapDelaware State MapFederal MapFlorida State MapGeorgia State MapHawaii State MapIowa State MapIdaho State MapIllinois State MapIndiana State MapKansas State MapKentucky State MapLouisiana State MapMassachusetts State MapMaryland State MapMaine State MapMichigan State MapMinnesota State MapMissouri State MapMississippi State MapMontana State MapMulti State MapNorth Carolina State MapNorth Dakota State MapNebraska State MapNew Hampshire State MapNew Jersey State MapNew Mexico IconNevada State MapNew York State MapOhio State MapOklahoma State MapOregon State MapPennsylvania State MapRhode Island State MapSouth Carolina State MapSouth Dakota State MapTennessee State MapTexas State MapUtah State MapVirginia State MapVermont State MapWashington State MapWisconsin State MapWest Virginia State MapWyoming State IconShopping Cart IconTax Calendar Iconicon_twitteryoutubepauseplay