Three quarters of large charities have suffered cyber breaches in last year

Written by Lauren Weymouth

Over 70 per cent of large charities have experienced cyber security breaches within the last 12 months, a new government survey has revealed.

According to the Cyber Security Breaches Survey 2018, carried out by Ipsos MORI on behalf of the Department for Culture, Media and Sport, large charities are often exposed to greater cyber risks than businesses.

The main reasons were cited as charities’ use of digital for payments, with over half (53 per cent) of charities allowing people to donate online and under half (49 per cent) allowing beneficiaries to access services online.

Of those that had identified breaches or attacks, 37 per cent needed new measures to help prevent or protect against future breaches, 40 per cent used additional staff time to deal with breaches and 28 per cent said that breaches had stopped staff carrying out day-to-day work.

The estimated average cost of breaches identified and reported in the last 12 months by large charities was £1,460.

The survey revealed breaches were more often identified among organisations that hold personal data or where staff use personal devices for work. It also found that the use of personal devices was much more prevalent in charities (65%) than businesses (45%).

Data further revealed only half of all charities said cyber security was a high priority for their organisation’s senior management and just a quarter had trustees with a specific responsibility for cyber security.

Just two in ten charities (21 per cent) said they had a cyber security policy or policies and just 8 per cent said they had a cyber security incident management process in place.

RSM technology risk assurance partner, Sheila Pancholi said the survey “very clearly shows that charities are incurring considerable cost and disruption from cyber security breaches”.

However, she added there also appears to be a “degree of complacency” when it comes to preventing and responding to cyber-attacks.

“There is much more that charities need to do when it comes to raising staff awareness through training, identifying and managing cyber related risks and adopting good-practice technical controls. Cyber security must be made a board level issue to ensure it gets the required level of focus.”

Related Articles

Lauren Weymouth talks to Jeremy Wells of Newton about whether charities think diversity is adequately reflected on their trustee boards

  • Charity Times Annual Conference Event Date: 2nd May 2019 Event Deadline: The Waldorf Hilton, London
  • Better Society Awards Event Date: 23rd May 2019 Event Deadline: 25th January 2019 London Marriott Hotel, Grosvenor Square, London
  • Charity Investment Conference in association with GAM Event Date: 29 November 2018 - 1pm-5pm Event Deadline: Royal Institution, 21 Albemarle St, Mayfair, London, W1S 4BS For booking and enquiries email
  • Property Roundtable Event Date: 27th February 2019 Event Deadline: Southplace Hotel, 3 Southplace, London For booking and enquiries email
  • Charity Times Awards Event Date: October 2019 Event Deadline: Park Plaza, Westminster Bridge, London
Most read stories...