This website uses cookies for anonymised analytics and for account authentication. See our privacy and cookies policies for more information.

The voice of Scotland’s vibrant voluntary sector

Published by Scottish Council for Voluntary Organisations

TFN is published by the Scottish Council for Voluntary Organisations, Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh, EH3 6BB. The Scottish Council for Voluntary Organisations (SCVO) is a Scottish Charitable Incorporated Organisation. Registration number SC003558.

Half of large charities hit by cyber attacks

This news post is almost 3 years old

A UK Government study has revealed the extent to which cyber criminals are targeting charities

More than half of large charities have reported a cyber attack or breach, a new study has revealed.

The Cyber Security Breaches Survey 2021, published by the Department for Digital, Culture, Media and Sport, reported that 51% of organisations with an annual income of more than £500,000 had suffered a cyber breach or attack in the past 12 months.

It also found 26% of the almost 500 voluntary sector organisations surveyed had reported such activity over the previous year.

A quarter of organisations that had suffered attacks said they had to deal with them on a weekly basis.

The most common type of cyber attack for charities was phishing, identified by 79% of respondents, which often involves trying to con recipients into giving away personal details or passwords.

That was followed some way behind by impersonation attacks, suffered by 23% of respondents, where emails are sent out impersonating the charity.

Among the charities that identify breaches or attacks, the survey, which took place between October and January, found that 18% ended up losing money, data or other assets.

Ollie Whitehouse, from information assurance firm NCC Group, said the survey shows the risks organisations face.

He said: “These results highlight that there is still room for improvement, particularly when it comes to business governance through audits and the mitigation of supplier risk. To do this, businesses need to understand the threat and risk landscape through evidence-based insights, which can then guide on where to prioritise investment and actions.

“Overall, the survey underlines the criticality of having the right resilience measures in place when the human line of defence is breached. To combat this, it’s important that the government and the cyber security industry continue to educate organisations about the risks and how they can mitigate risks – particularly for charities, who remain a clear target for adversaries. At NCC Group, we are working closely with the charity sector in the UK through our partnership with the Small Charities Coalition (SCC), and will remain committed to supporting this sector in shoring up its defences.”