Majority of big charities hit - many groups attacked weekly

The majority of large charities have been subjected to cyber attacks in the past year, it has been revealed.

Criminals have targeted more than three-quarters of big sector organisations, according to UK government data.

Its latest Cyber Security Breaches Survey shows that 62% of charities with annual incomes of £500,000 or more reported having a cyber security breach or attack in the year to March, rising to 76% among charities with an income of £5 million or more.

In Scotland the Scottish Association for Mental Health (SAMH) is still struggling to recover from a “devastating” attack which saw data including sensitive personal information such as names, addresses, email addresses and passport information dumped on the dark web.

The UK government survey data, based on responses from 424 organisations, shows that 30% of all charities said they had been targeted by cyber criminals in the past year.

Charities are less likely to be affected than businesses, although the number of businesses targeted has fallen from 46 per cent in 2018 to 39 per cent over the past year, though overall they are still less likely to be targeted than businesses.

A quarter of charities said they faced some form of cyber crime at least once a week and the majority said the only type of cyber crime they experienced last year was through phishing emails trying to direct the user to fraudulent websites, although 10% suffered more serious malware attacks.

Four in 10 charities said they sought external advice on their cyber security in 2021/22, and nine per cent said a cyber attack had left them temporarily unable to access their files or networks.

Four in 10 charities have a policy not to pay a ransom in the event of a take over of their systems, while 27% said they did not know if they had any policy in place for this.

SCVO has produced guidance relating to cyber security - it and a range of helpful links can be found here.