Insurance is a grudge purchase. You resent spending money on something you hope you'll never use. Yet organizations that skip insurance often experience financial crises that insurance would have prevented. Board members sued personally. Data breaches costing tens of thousands. A volunteer injured at an event. These aren't abstract risks—they happen regularly to real nonprofits.

The practical truth is that insurance isn't about risk avoidance; it's about risk transfer. You accept that bad things occasionally happen and you pay a relatively small amount to transfer the financial burden to an insurance company. The goal isn't to predict the future; it's to be solvent if something unexpected occurs.

This article covers the insurance types nonprofits actually need, how much they cost, which coverage is mandatory versus optional, and how to avoid expensive mistakes. The key principle is this: buy insurance that matches your actual operations, not insurance a broker thinks you should have.

Directors and Officers (D&O) Liability Insurance

D&O insurance is among the most important but misunderstood nonprofit insurances. It protects board members and officers from personal liability when sued for decisions made on behalf of the organization. Without it, a board member could be sued personally and held liable for legal defense costs and damages.

The scenario that triggers this: someone claims they were harmed by a nonprofit decision, so they sue the people who made it. A youth is injured in a program your board approved. A donor claims they were defrauded by a financial misrepresentation. A grant program fails spectacularly and the funder sues for recovery. The individual board members and officers could be defendants, personally liable.

D&O insurance covers defense costs and settlements. Without it, board members might hire their own lawyers, splitting legal bills among themselves—a nightmare scenario. With it, the insurance company appoints counsel and manages the claim. The cost to the organization is the premium, not the lawsuit.

Small nonprofits often skip D&O thinking incorporation provides enough protection. This is wrong. Incorporation (nonprofit status) protects board members from ordinary operational liability if you follow governance rules, but it doesn't protect them from claims that the nonprofit was mismanaged or harmed someone through a board decision. D&O fills that gap.

Cost is reasonable: $400-$2,000 annually depending on organization size and assets. For small nonprofits (under $500K), it's often under $600. This is essential coverage. Make it a priority before adding optional policies.

General Liability Insurance

General liability is the other essential policy. It covers bodily injury and property damage claims from people your nonprofit interacts with. Someone gets injured at your program. Your organization accidentally damages their property. Their family sues. General liability covers medical expenses, legal defense, and settlements.

Specific scenarios: A participant in your youth program is injured during an activity. A guest at your gala trips on a loose stair. A nonprofit vehicle hits another car. Your building's AC unit falls on someone's car. These are exactly what general liability covers.

General liability is often required by funders (foundations frequently require $1M+ coverage to accept grants) and by venue operators (if you host events). Most grant contracts specify a minimum coverage amount. You'll need it to accept grants, making it a de facto mandatory cost.

Cost depends heavily on what you do. A nonprofit that mainly does office-based work might pay $300/year. A youth program with high-activity programming might pay $1,500/year. Ask your insurance broker to calculate based on your specific programs and activities.

Event liability is a sub-type: if you host public events, venues often require separate event-specific coverage. This is different from your general liability and costs $200-$500 per event. Some general liability policies include event coverage; others don't. Verify with your broker.

Employment Practices Liability Insurance (EPLI)

EPLI protects organizations from employment-related lawsuits: wrongful termination, discrimination, harassment, wage violations. An employee claims they were fired because of their race. They sue. EPLI covers legal defense and settlement.

This is particularly important as you grow. With 1-2 staff, risk is low (one employee is unlikely to sue their friend employer). With 5+ staff, risk increases. With 15+ staff, EPLI should be standard because employment litigation is common and expensive to defend.

EPLI is also important if you have any past employment issues: conflicts with former employees, disputes about severance, questions about discrimination or harassment. These situations increase risk and EPLI is essential protection.

Cost is typically $1,000-$3,000 annually depending on number of employees and employment history. Organizations with clean employment records and good policies pay less; organizations with prior disputes pay more.

Prevention is actually the best insurance: good employee handbooks, clear policies, proper documentation of performance issues, and fair termination procedures reduce both the likelihood of lawsuits and your EPLI premiums. Insurers reward organizations that manage employment risk well.

Cyber Liability Insurance

Cyber liability covers data breaches and cybersecurity failures. Your nonprofit collects personal information: donor emails, member data, beneficiary information, payment details. If hackers breach your systems and steal that data, cyber insurance covers notification costs, credit monitoring services for affected people, forensic investigation, and recovery.

This seems abstract until you do the math: notifying 1,000 affected people (required by law in most states) costs $20-$30K. Offering them two years of credit monitoring costs another $30-$50K. Cleaning up compromised systems costs $10-$20K. A single breach can cost $80K+ before you're done. Cyber insurance covers all of it.

This policy is increasingly important because nonprofits are frequent targets. Hackers target nonprofits thinking they have fewer security resources than businesses. And they're right—many nonprofits have minimal cybersecurity.

The essential prerequisite: basic security practices. Multi-factor authentication for critical accounts, regular backups, password managers, security awareness training for staff. Cyber insurance is cheaper if you have these controls in place. Insurers also won't cover breaches caused by gross negligence (like email passwords posted on a whiteboard). So implement basics, then buy insurance as a backstop.

Cost is $500-$2,000 annually depending on amount of personal data you hold and your security practices. Small organizations with minimal data collection might pay $400. Larger organizations holding extensive donor and beneficiary data might pay $2,000+.

Property Insurance

Property insurance covers your physical assets: building, equipment, furniture, technology. If your nonprofit owns or leases a building, you need property coverage. If a fire damages it, property insurance covers repairs.

This is conditional: if you lease a building, your lease probably requires you to have property insurance on your contents and equipment (the landlord's insurance covers the building structure, yours covers what's inside). If you own a building, you definitely need it.

Cost varies widely based on building value, location, and claims history. Expect $1,000-$5,000+ annually for most nonprofits with dedicated space. Get a quote from your broker based on replacement value of your building and contents.

Volunteer Accident and Special Program Insurance

Volunteer accident insurance covers volunteers injured while performing volunteer work. Cost is $200-$500 annually. This matters if your organization has active volunteer programs, especially high-risk volunteer work (construction, outdoor work, etc.).

Specialized program insurance covers specific activities: vehicles if you operate a transportation program, abuse and molestation coverage if you serve children or vulnerable adults, specialized athletic coverage if you run sports programs. These are optional and depend on your specific operations.

What You Need by Organization Size

Very small (under $100K, mostly volunteers): Minimum: general liability. If possible, add D&O. Total: $800-$1,200.

Small ($100K-$500K, 1-3 staff): General liability + D&O + cyber. EPLI if you have employees. Total: $1,500-$3,000.

Medium ($500K-$2M, 5-15 staff): General liability + D&O + EPLI + cyber. Add property if you lease. Total: $3,000-$8,000.

Large ($2M+, 15+ staff): All of the above plus specialized coverage for your specific programs. Total: $8,000-$20,000+.

These are guidelines, not formulas. Your actual needs depend on what you do, what your funders require, and your risk profile. Talk to a nonprofit insurance specialist to customize your coverage.

How to Get Insured Without Overspending

Work with nonprofit-specialized brokers. Brokers like CHUBB, Nationwide, and Travelers specialize in nonprofit insurance. They understand nonprofit operations and can bundle policies affordably. A general commercial broker might not know nonprofit-specific needs.

Check for group programs. Many state nonprofit associations offer group insurance programs to members at heavily discounted rates. Your state's association (often called the "Nonprofit Center" or "Philanthropy Network") might offer this. Group rates are often 30-50% cheaper than individual policies.

Get multiple quotes. Insurance costs vary dramatically based on underwriting practices. Get 3-4 quotes for the same coverage and compare total cost. A $1,000 difference per year compounds to $10,000+ over a decade.

Bundle policies with one insurer. A single broker offering general liability, D&O, EPLI, and cyber together is usually cheaper than buying from separate insurers. Ask explicitly for bundle discounts.

Review coverage annually. As your organization grows, your needs change. New programs require new coverage. More staff means higher EPLI needs. More data collection means higher cyber risk. Update your coverage yearly to match current reality.

Budget for Insurance
Budget 0.5-2% of annual revenue for insurance. A $500K nonprofit should budget $2,500-$10,000 annually. A $2M nonprofit should budget $10,000-$40,000. These ranges account for different risk profiles. Use them as planning guidance but get actual quotes.

Frequently Asked Questions

If we're incorporated as a nonprofit, doesn't that protect board members from personal liability automatically?+
Incorporation provides limited protection called "liability shield"—if you follow governance rules and act in good faith, board members are generally protected from ordinary operational liability. But this doesn't cover claims that the board itself was negligent or made a harmful decision. D&O insurance provides protection for those scenarios. Many board members won't serve without both proper governance and D&O insurance.
If a funder requires specific insurance coverage, can we budget it into our grant request?+
Yes, usually. If a funder requires $1M general liability or specific EPLI coverage and you don't already have it, the grant budget should include those insurance costs. Include it in your administrative/indirect costs. Funders expect this and typically approve reasonable insurance costs as part of grant budgets.
Is cyber insurance really necessary for a small nonprofit that doesn't use much technology?+
If you collect any personal information—donor emails, member contact info, volunteer names—yes, get cyber insurance. Data breaches happen to small organizations too. Hackers don't discriminate by size. The cost is low ($400-$600 for small orgs) and the potential liability is high. It's worth it.
Should we get more insurance than we think we need, just to be safe?+
No. Over-insuring wastes money you could use on mission. Buy insurance that matches your actual operations and risks, plus what funders require. Avoid the temptation to buy "just in case" coverage for unlikely scenarios. Work with a broker to identify realistic risks for your organization, then buy coverage for those.