THIRD-SECTOR ORGANISATIONS
Broking director
Talbot Jones Risk Solutions
Insuring the third sector – i.e. charities and non-profits – comes with a unique set of challenges and opportunities. Richard Talbot-Jones was first introduced to the sector when he was recruited into an insurance brokerage and helped build that firm’s book of charity clients. Now as broking director at Talbot Jones Risk Solutions, he focuses on supporting the third sector by working directly with non-profits.
IBUK: What are the major challenges in insuring charities and non-profits?
Richard Talbot-Jones: Third-sector organisations operate in a vastly varied range of sectors, with operations that can mirror the private sector, as well as include activities more traditionally associated with charities. There’s a wide range of commercial and specialist insurers covering these activities, so one challenge is dealing with such a breadth of risks.
The main challenge is not, however, covering the activities of the organisation. The key issue is to understand the structure of the organisation, something that differs significantly to the private sector. Understanding the relationship between the directors or trustees and the staff within third-sector organisations is key to ensuring that the organisation, its people, operations and property are adequately protected. In organisations where there may be boards, executive teams, staff and volunteers, it’s important to understand who the decision-makers are, who has control over different aspects of the organisation, what policies and procedures are in place, and if they are being implemented effectively.
IBUK: How has GDPR affected charities and non-profits and how they’re insured?
RTJ: GDPR has had a dramatic impact on the third sector and how it buys cyber liability insurance. As well as facing the same issues as their commercial counterparts, dealing with director, employee and service user data, third-sector organisations often have the additional concern of managing donor data. This may often result in inconsistencies – for example, managing different databases for each of these groups of people, using different programmes and relying on different parts of the organisation to implement data security.
Our third-sector clients are likely to have donors’ financial information, as well as special categories of sensitive personal data relating to young people, ethnicity, disabilities, criminal records and medical conditions. The great thing about GDPR coming into force is that third-sector organisations are now more aware of the different types of data that they’re holding. This can make them more riskaware, prudent and active in data security. Whether they buy cyber insurance or not, most of the organisations we work with are adopting more risk management strategies to protect their data and digital assets. We think this is really positive for everyone.
