As digital systems become central to service delivery, cyber security is no longer just a technical issue. This piece explores how charity leaders and trustees can make space for cyber risk, support staff and volunteers, and strengthen organisational resilience.
________________________________________________________________________

Charities are using digital systems every day to deliver their services and keep in touch but with this capability comes a level of risk.

“Almost one in three (30%) charities experienced some form of cyber security breach/attack in last twelve months.” 2025 UK Cyber Security Breaches Survey

Unfortunately, with the scale, range and sophistication of cyber threats continuing to grow each year, like every sector, it is a case of when rather than if a cyber-attack will occur. So what can you do to minimise potential disruption to the essential services your organisation provides?

Make space on the agenda for cyber

Think about cyber risk – in a structured way. You should be asking questions about cyber risk, as part of your overall business risk. One useful framework to help with this is the National Cyber Security Centre’s Board Toolkit, a comprehensive set of resources that describes the nature of cyber risks and your responsibilities in ensuring that these risks are well managed.

Get your staff/volunteers switched on

Your staff and volunteers are using digital systems, day in and day out. Give them the right awareness and basic training so they’ll be able to spot cyber risks and take the appropriate action - empowering them (and you) to make your organisation less vulnerable. To support this SCVO launched a cyber awareness campaign to help reinforce key cyber security principles covered in entry-level training.

Preparation is key

You can reduce a lot of the stress and risk of a cyber attack by having an incident response plan prepared in advance – does your organisation have one? If not, create a basic one now using SCVO’s incident response poster, or if you already have one then why not test it to make sure it is still up-to-date.

We all have a responsibility in helping prevent cyber incidents through engaging with our organisation’s cyber advice/guidance and following their policies and processes. However, if you think there’s been a cyber incident or suspected phishing activity, don’t panic – talk to your IT owner/provider who can help work out what’s happening and determine next steps.

Start small, big impact

Make sure your organisation is protected against the most common threats by checking out NCSC’s Small Charity Guide. It highlights 5 simple, practical steps which will improve your cyber security: backing up your data, keeping mobiles and laptops safe, preventing malware, avoiding phishing attacks and using strong passwords. If you’re looking to gain some assurance on whether your digital systems and data are protected check out IASME’s free Cyber Essentials Readiness tool.

The good news is that taking the first steps to staying safe online is easier than you might think. There is lots of free advice and support out there to help you start to prioritise cyber risk, protect against the most common threats and prepare/respond to cyber incidents when they inevitably occur.

For further information check out SCVO's Cyber Resilience page, where you can keep up to date with all things cyber, and/or get in touch with our Cyber Resilience Co-Ordinator if you’d like to chat through in more detail.

---