More charities experiencing cyber breaches

Published on 15th October 2019

According to the government’s annual survey, over 22% of charities have identified breaches or attacks (business sector: 32%). Although a lower percentage of charities identify breaches compared to business, the cost is higher (£4,180 for businesses and £9,470 for charities).

The most common attacks are:

  • phishing emails (81% of charities experienced breaches or attacks)
  • others impersonating their organisation online (20% of charities experienced this issue)
  • viruses or other malware, including ransomware (18% of charities experienced this issue).

Although the survey notes that the GDPR has helped to ensure charities take action on cyber security, there is still more that can be done, especially around staff engagement and training. The survey revealed that 49% of charity trustees are only updated once a year on cyber security (Business sector: 34%) and cyber security training has only been given to staff in 29% of charities.

There has been an increase in awareness with 75% of trustees and senior management stating cyber security is a high priority (2018: 53%).

Awareness of this problem appears to correlate with the size of charity, with smaller charities not identifying this as such a high priority.

The government has published a helpful guide ‘10 Steps to Cyber Security’, but only 53% of charities have taken actions towards five or more of these steps.

Guidance: bit.ly/2ZcbW5v