The danger for charities has grown over the past year
There has been an increase in the number of cyber attacks inflicted on charities over the past year.
A survey asked 500 senior decision makers at charities across the UK whether they had experienced incursions, what the effect of those were and if they had any measures in place to protect their organisation.
The research, for sector insurer Ecclesiastical, revealed that two in five charities (41%) experienced a cyber attack in the last 12 months, a 13% increase on the previous year (28%).
Research published in March 2021 by Department for Digital, Culture, Media and Sport similarly found that a quarter (26%) of voluntary sector organisations had reported such activity over the previous year.
Worryingly, almost a third (30%) of victims said they had experienced five or more attacks or breaches during the last year.
Phishing (39%), malware (30%) and denial of service attacks (29%) were the most common forms of cyber attack experienced by charities – again showing an increase on the previous year, where phishing accounted for just 15%.
Over a third (37%) of charities said that they had experienced a loss of data as a result of one of those attacks with 31% of those having received fines as a result of data breaches. Just last week the International Committee of the Red Cross confirmed it had been a victim of an attack in which personal data and confidential information on 515,000 vulnerable individuals was stolen from a third party.
The survey also found that charity leaders felt moving to home working had exposed them to a higher risk of cyber attack (39%).
There is some positivity though, with over three quarters (78%) of charities saying they feel fully prepared to deal with a cyber attack.
Three out of five (60%) have a cyber security plan in place, an 8% increase since 2020 (52%) with a further 28% saying they are developing one.
Over half (54%) responded to say that they have a cyber risk management plan and over two fifths (43%) have a cyber insurance policy while a further quarter (25%) are working towards taking one out.
Faith Kitchen, customer segment director at Ecclesiastical, said: “The last 12 months have been incredibly challenging for large parts of the charity sector – increased demand, decreasing budgets and restrictions changing how they work creating a perfect storm for many.
“Against such a challenging backdrop it is encouraging to see that charities are investing in cyber security measures to help tackle the increasing threat of a cyber-attack.
“The increase in attacks over the last year shows there is still more to be done to help protect charities from being a victim of cyber-crime. Ecclesiastical has produced risk management guidance to support charities with this, and we’d encourage them to speak with their broker about how our policies can provide further protection and to reduce the threat to their organisation.”
SCVO is part of the CyberScotland Partnership, helping to support organisations to enhance cyber security through common approaches, learning and action across the public, private and voluntary sectors.