Fewer charities deployed security monitoring tools than businesses

Around a third of charities suffered a cyber security breach over the past year.

New UK government data shows the extent of the threat - and how far the sector has to go in comparison to the private sector.

Almost one in three (32%) of charities experienced some form of cyber security breach, equating to “approximately 924,000” cyber crimes, in the past 12 months, a report for the Department for Science, Innovation and Technology showed.

The most common attack faced by charities was phishing (83%), fraud emails (37%) viruses or other malware (17%).

Worryingly, the report found that charities are less likely to undertake cyber security risk assessments than counterparts in the private sector, and fewer charities deployed security monitoring tools than businesses. 

But more than six in 10 charities (63%) said cyber security was a high priority for senior management, with three in 10 (30%) having trustees explicitly responsible for cyber security. 

About half of the charities surveyed protected themselves using “cyber hygiene” strategies. The most common forms of defence were updated malware protection, password policies, cloud back-ups, restricted admin rights and network firewalls.

Almost 40% of charities reported seeking information or guidance on cyber security from outside their organisation in the past year, most commonly from external cyber security consultants, IT consultants or IT service providers, according to the data.

More than one-third of charities said they were insured against cyber security risks.

For more on how you can protect your organisation, read SCVO’s guidance on cyber attacks.