Three quarters of large charities have suffered cyber breaches in last year

Written by Lauren Weymouth

Over 70 per cent of large charities have experienced cyber security breaches within the last 12 months, a new government survey has revealed.

According to the Cyber Security Breaches Survey 2018, carried out by Ipsos MORI on behalf of the Department for Culture, Media and Sport, large charities are often exposed to greater cyber risks than businesses.

The main reasons were cited as charities’ use of digital for payments, with over half (53 per cent) of charities allowing people to donate online and under half (49 per cent) allowing beneficiaries to access services online.

Of those that had identified breaches or attacks, 37 per cent needed new measures to help prevent or protect against future breaches, 40 per cent used additional staff time to deal with breaches and 28 per cent said that breaches had stopped staff carrying out day-to-day work.

The estimated average cost of breaches identified and reported in the last 12 months by large charities was £1,460.

The survey revealed breaches were more often identified among organisations that hold personal data or where staff use personal devices for work. It also found that the use of personal devices was much more prevalent in charities (65%) than businesses (45%).

Data further revealed only half of all charities said cyber security was a high priority for their organisation’s senior management and just a quarter had trustees with a specific responsibility for cyber security.

Just two in ten charities (21 per cent) said they had a cyber security policy or policies and just 8 per cent said they had a cyber security incident management process in place.

RSM technology risk assurance partner, Sheila Pancholi said the survey “very clearly shows that charities are incurring considerable cost and disruption from cyber security breaches”.

However, she added there also appears to be a “degree of complacency” when it comes to preventing and responding to cyber-attacks.

“There is much more that charities need to do when it comes to raising staff awareness through training, identifying and managing cyber related risks and adopting good-practice technical controls. Cyber security must be made a board level issue to ensure it gets the required level of focus.”

Related Articles

  • Charity Times Awards Event Date: 2nd October 2019 Event Deadline: Park Plaza, Westminster Bridge, London For booking and enquiries email
  • Charity Times Pensions Roundtable Event Date: 10th October 2019 Event Deadline: Barnett Waddingham, 2 London Wall Place, London For booking and enquiries email
  • Investors Forum – Climate Change Event Date: 22nd October 2019 Event Deadline: 1 Birdcage Walk Westminster, London SW1H 9JJ For booking and enquiries email
  • Charity Times Annual Conference Event Date: 6th May 2020 Event Deadline: The Waldorf Hilton, London
  • Property Roundtable Event Date: 2020 TBC Event Deadline: Searcy’s at the Gherkin For booking and enquiries email
  • Better Society Awards Event Date: 23rd May 2019 Event Deadline: 25th January 2019 London Marriott Hotel, Grosvenor Square, London
Most read stories...