Three in four charities hit by cyber attacks

Around three quarters of charities have been hit by at least one security incident in the last 12 months, government figures have revealed.

The figures also show that charities are marginally more likely to be impacted than businesses. While 72% of businesses have experienced an incident over the last year, the proportion increases to 74% among charities.

Breaches range from unauthorised listening to video conferences, listed by 2% of charities, to staff receiving fraudulent emails, which was cited by 69% of charities.

Other breaches include people impersonating emails (32%), attempts to hack social media accounts or websites (11%) and infecting devices with malware or ransomware (10%).

Among those who have experienced a breach, more than a quarter (26%) say they have been attacked roughly once a month, while 36% say they have experienced a security breach more than once, but less than once a month.

The mean average cost of all incidents over the last 12 months is £1,878. This includes direct costs to investigate the incident, as well as staff time and hiring external consultants to fix problems.

The findings have emerged in the first wave of the government’s three-year cyber security longitudinal survey that looks at the impact of attacks on businesses and charities.

Leadership buy-in

A concern raised is that too often organisations’ approaches to cyber security are more “reactive than proactive, with many struggling to get senior level buy-in to improve cyber defences”.

Only 32% of charities have board level discussions around cyber security on at least a quarterly basis. A similar proportion (28%) say their board members have received cyber security training.

In addition, 64% of charities do not carry out “work to formally assess or manage the potential cyber security risks presented by suppliers in the last year”.

Among charities only just over half (55%) carry out cyber security training or awareness raising sessions for staff or volunteers not directly involved in cyber security.

“Overall, there are several areas where organisations of all sizes could potentially take more action, including around supply chain management, staff awareness and training, and actively assessing cyber security risks and seeking formal certifications,” adds the study.

    Share Story:

Recent Stories

How is the food and agricultural crisis affecting charity investment portfolios?
Charity Times editor, Lauren Weymouth, is joined by Jeneiv Shah, portfolio manager at Sarasin & Partners to discuss how the current pressures placed on agriculture and the wider food system is affecting charity investment portfolios.

Better Society