Three quarters of charities haven’t invested in cyber security, despite 22% of UK charities of all sizes being targeted by attackers last year. 44% of charities aren’t protecting themselves from cyber attacks because they simply don’t see themselves at risk, leaving them vulnerable to costly security breaches (the average cost of a cyber breach to a charity in 2019 is nearly 10k).
But cost shouldn’t be your only concern — funders, supporters and beneficiaries are increasingly asking for charities to show how they are protecting data and taking cyber security seriously. It is increasingly a priority issue for organisations. 75% of charities (vs. 53% in 2018) now rate it as a high priority. Among these organisations, the most common attacks are:
- phishing emails (80% of businesses and 81% of charities experiencing breaches or attacks)
- others impersonating their organisation online (28% and 20%)
- viruses or other malware, including ransomware (27% and 18%)
Many charities are taking action on cyber security as a result of the General Data Protection Regulation (GDPR) but could take a more proactive approach around staff engagement and training:
- 49% of charities, directors or trustees are only updated once a year or less on cyber security (if at all)
- Only 29% the staff dealing with charity cyber security have the right skills and knowledge
In a survey, just over half of charities identified cyber security as a key priority, but almost three quarters said they hadn’t invested in cyber security.
A great starting point is to have a look at the Government’s 10 Steps to Cyber Security and for your board of trustees to recognise their responsibilities in protecting information and not merely as in IT issue.
Learn the common cyber attacks and how to spot the danger signs by taking part in the free National Cyber Security Centre webinar https://charitydigital.org.uk/ncsc-cyber-essentials/ on Thursday 18th July.