Charities are ‘too complacent’ about cyber crime, with just half of charities admitting to having a cyber security plan in place, new findings show.

New research by Ecclesiastical, which surveyed 200 charity leaders, found 52% of respondents have a cyber security plan in place, while 42% have a specific cyber risk management plan and 42% have cyber insurance.

Of those that do have cyber insurance in place, 65% said they don’t know what it covers.

Despite this, the research revealed 81% of charities believe they are still ‘fully prepared’ to deal with a cyber attack.

Those that feel secure in their abilities to deal with an attack cite good service from an IT provider (48%) and clear protocols and procedures (17%).

The findings follow the Cyber Security Breaches Survey 2019 from the Department for Digital, Culture, Media and Sport, which found 22% of charities admitted a cyber-breach in 2019 compared to 19% the previous year.

Ecclesiastical charity director, Angus Roy said given the increase in cyber-attacks over the past year, charities “aren’t doing enough to protect themselves”.

“Many charities still don’t see themselves being at risk of cyber-crime, or if they do, they think they can transfer the risk to their IT provider. The fact is that charities are an increasingly attractive target to cyber-criminals and if they are victims of a cyber incident, it will be them and not the IT provider that has to deal with the reputational fallout.

“It’s also worth remembering that while IT providers can implement security measures and controls, it’s not a total solution. Cyber-crime is multi-faceted and can often involve a human factor, so charities need to ensure they have a cyber security plan and appropriate control mechanisms in place.”

Share Story: