The National Cyber Security Centre (NCSC) has issued a new report that outlines the cyber threat that charities of all sizes now face.
The purpose of this report, Cyber threat report: UK charity sector, is to help charities understand current cyber security threats, the extent to which the sector is affected and whether it is being targeted, and where charities can go for help.
The report quotes results from the 2022 DCMS Cyber Security Breaches Survey which measures the policies and processes organisations have for cyber security, and the impact of breaches and attacks. In the 2022 survey:
- 30% of UK charities identified a cyber attack in the last 12 months
Of those attacks
- 38% had an impact on the service, and
- 19% ‘resulting in a negative outcome’
WHY IS THE CHARITY SECTOR PARTICULARLY VULNERABLE?
The charity sector faces the same cyber risks as private sector and government organisations but the report highlights some reasons why charities could be particularly vulnerable to cyber attack:
- Charities are attractive targets for many hostile actors seeking financial gain, access to sensitive or valuable information, or to disrupt charities’ activities
- Charities may feel reluctant to spend resources, money, oversight and staff effort on enhancing cyber security rather than on front line charitable work
- Charities have a high volume of staff who work part time, including volunteers, and so might have less capacity to absorb security procedures
- Charities are more likely to rely on staff using personal IT (Bring Your Own Device) which is less easy to secure and manage then centrally issued IT
- And finally, the impact of any cyber attack on a charity might be particularly high as charities often have limited funds, minimal insurance coverage and, by their very nature, are a supplier of last resort providing services where there is insufficient government or affordable private sector alternatives
More information about who might target charities and the types of cyber attack are set out in the report which is available to download.
HOW TO IMPROVE YOUR CHARITY’S CYBER SECURITY
The report contains some key recommendations and links to guidance that will help charities improve their cyber security. NCSC strongly recommend that all charities:
- Read and implement the NCSC’s guidance that has been especially created for charities
- Improve your staff (and volunteers’) cyber awareness by using the NCSC’s staff training resources
- Consider using the NCSC’s Active Cyber Defence services, which can provide a range of automated protections, free of charge to charities
- Make sure the charity’s board understands its responsibility regarding cyber security, and knows what questions to ask
- Use Cyber Essentials, a government-backed scheme that will help protect your organisation from cyber attacks (and convince potential donors that you take cyber security seriously)
As Lindy Cameron, CEO of NCSC notes,
‘More charities are now offering online services and fundraising online, meaning reliable, trusted digital services are more important than ever […] Cyber attacks affecting services, funds or compromising sensitive data can be devastating financially and reputationally, potentially putting vulnerable people at risk. The NCSC continues to support this vital sector and encourages all readers of this report to implement the guidance within it.’
Download the full report here – Cyber Threat Report: UK Charity Sector.