Why do charities need public liability insurance?
Charities are a special kind of organisation. With the increase in privatisation and rising living costs across the UK, the work of non-profits has rarely been more important at home. And for those providing aid abroad, their humanitarian goals must be admired.
If only out of respect for intentions, it’s hard to imagine why anyone would do something that might financially damage a charity. However, claims are regularly raised against charitable organisations, both by those they are trying to help, and by members of the public.
What liability does a charity have?
The responsibilities which need to be covered by charity liability insurance are largely the same for non-profits as they are for commercial businesses. When it comes to the law, both kinds of group have exactly the same duty of care to their employees, community and the public.
When considering how to protect your organisation, be aware that not-for-profit insurance could cover public liability, employers’ liability, and – depending on how you fundraise – charity event insurance.
Do I need public liability insurance for an event?
Public liability (PL) insurance for a charity event isn’t a legal requirement, but considering the substantial risks associated with holding a fundraising activity with members of the public, it could be seen as beneficial.
This is particularly important for smaller charities, who may not regularly hold large events. Insurance for small charities and non-profit groups will cover the day-to-day activities and demands of your organisation but might not offer the level of cover you need for an occasion which involves large numbers of people and (potentially) rented space and equipment.
Say, for example, you held a fundraising auction and a guest tripped over items you had left in an unsuitable place. If that individual hurt themselves, their injury would be your responsibility and you would be liable if they decided to make a claim. Equally, if you damaged a rented space while installing furniture for an event, the owner of that space could rightfully seek compensation. Depending on your insurer, your small charity insurance might not provide enough cover for such a situation.
If you’re holding a charity-do, specialist charity event insurance will cover you for the unique circumstances of your event.
Specialist charity event insurance might include:
- Public liability cover
- Employers’ liability cover
- Cancellation and disruption insurance
- Property cover
- Liability for damage to venues
- Indemnity to venue owners or operators
What kinds of insurance do charities need?
The insurance package which a charity needs depends on the type and scope of its operations. But although the level of cover may vary, there are a few types of insurance that could always be included:
Employers’ liability – Liability insurance for voluntary groups does not cover your volunteers; employers’ liability is a legal requirement to protect those employed by you, even in a voluntary capacity.
Trustees’ insurance – Trustees’ insurance will help to make sure that your leadership team aren’t held personally liable for mistakes and accidents that happen within your charity.
Public liability insurance – Public liability insurance for non-profit organisations is a crucial way to protect the good work you do from being disrupted by unnecessary financial damage.
Charities hold an important place in society, and the work they do enriches the lives of many – so making sure they are able to continue making a difference is essential. Public Liability insurance is just one way of protecting them from harm. It not only covers the charity against claims, it ensures that anyone who suffers an injury or damage to their property as a result of the charity’s activities has access to compensation.
Charity public liability insurance is suitable for charities of all sizes and can protect it against commercial loss. For a tailored insurance quote, contact one of our brokers
What is Phishing?
Learn how phishing can harm your business
Key statistics from 2019 can help to illustrate the real threat phishing can pose:
- 32% of all data breaches involve phishing.
- Companies are three times as likely to suffer a digital breach through a social attack (such as phishing and pretexting) than via technical vulnerabilities.
- Malware is present in two-thirds of phishing attacks.
- Click rates for phishing attacks sit at roughly 3%.
- Clearly, phishing is a digital threat which should be taken seriously by both businesses and individuals. So why is phishing still such a successful method of gaining access to people’s information?
One reason may be a lack of understanding around what phishing actually is. Most of us know better than to reply to an email from a foreign prince – but what about opening an email from your favourite on-demand streaming service, entitled ‘Account Deactivated’? Would you consider your actions before clicking on a link in that email? Or would your emotional response override your caution?
It’s not just the gullible and naïve that fall for these scams, phishing can – and does – trick even the most digitally accomplished of people.
Phishing examples and what to look for
Phishing can be executed in numerous different ways, based on who is being targeted and what the hacker hopes to achieve – for example, steal financial details or gain access to a system holding sensitive data. They’ll often come from websites that you use regularly, which can make them tricky to spot. Some examples of email phishing attacks include:
- Deceptive phishing – Where the scammer will rely on close mimicry of a legitimate business’ official correspondence email or website. Past examples have included household names such as Netflix, PayPal and Amazon asking for urgent verification of accounts, or offering unexpected refunds.
- Spear phishing - This is where the attack is highly personalised to the victim, often featuring their name, position and company name. Often these will be cyber-criminals posing as the HRMC – offering a tax rebate, for example – or as a bank, or another trusted institution.
- Whaling attack – Also known as CEO fraud, whaling attacks target CEOs and top executives, aiming to compromise the individual’s email account and use it to commit fraud. These attacks take advantage of the power these individuals wield within their organisations, using an informal approach to inspire trust.
- Pharming – Scammers redirect users of an authentic website to a malicious website, where they are prompted to enter their details. One of the most advanced methods of phishing, it can be incredibly hard to detect if you are being ‘pharmed’ out from a legitimate website to a malicious one.
- Google doc and Dropbox phishing – Some phishing attacks target specific services, such as Dropbox and Google Docs. The victim will receive an email informing them that they’ve been sent a file through one of these platforms and asked to enter their login details – these details will then be used to hijack the account.
Spotting a phishing attack can be tough – especially as spoof websites and email messages become increasingly sophisticated - but it helps to know what to look for. This is where protection and training come into play.
You can identify phishing attacks by looking for phrases such as ‘reset your password’ or ‘verify your account’ in the email. If you receive a suspect email, don’t open any attachments or click any links. If you’re unsure about its validity, you can forward it to the business it is allegedly from so that they can confirm whether or not it is legitimate.
Investing in up-to-date phishing protection software will also help to defend you from malicious scams. A good programme will scan inbound emails for indications of fraud, notifying the recipient of anything suspicious. Look for software that also scans emails for malicious URLS and any weaponised attachments. Furthermore, you could consider cyber insurance, which would cover your business for both current and future cyber risks. This form of insurance can cover the cost of investigating a cybercrime, recovering any lost data and recovering computer systems after a security breach, extortion payments demanded by hackers and any loss of income incurred by a business shutdown.
Phishing email training
For businesses it’s crucially important that all staff are trained to understand the threats of phishing and how to identify potential scams. Whether training is run internally, or by an external training provider, it’s vital information for everyone from the interns, right up to the CEO.
Phishing scams depend on individuals being fooled by scammers’ cons. So by making sure that every member of your business is aware of the techniques that phishers use, and alert to the threat they can pose, you’re adding a much needed layer of protection to your business.
What to do if a phishing attack is done in your name
While businesses need to be clued up about the signs to look for when targeted by phishing attacks under other businesses’ names, it’s also essential that you know what to do if a phishing scam were to be set up in your business’ name.
The most important thing to do when you become aware of a phishing scam masquerading as your business, is to alert your customers. By publishing a list of genuine email addresses used for customer communications on your website, customers can better identify phony email addresses. You may also wish to provide a contact email address for customers to forward on suspicious emails, so that you can quickly identify fishing attacks.
Our cyber and data risk insurance is designed to cover your business for costs associated with data recovery, reputation management, GDPR investigations and business interruption. For more information on the common cyber threats and how to safeguard your business, read the rest of our cyber security and protection FAQs.