National Cyber Security Centre
The government has, for the first time, released official statistics on charity action on cyber security and the costs and impacts of cyber breaches and attacks. The Cyber Security Breaches Survey 2018 helps organisations understand better the nature and significance of the cyber security threats they face.
The findings reinforce the conclusions of the National Cyber Security Centre’s (NCSC) Cyber Threat Assessment: UK Charity Sector that was published in March 2018. Namely, virtually all charities are reliant on online services, many charities are falling victim to cyber attacks, and smaller charities have less awareness of the risks they face from cyber attacks. This strengthens further the case for action by charities to prevent these attacks.
The most common cyber attacks against charities were receiving fraudulent emails, being directed to fraudulent websites, attempts by scammers to impersonate a charity online and malicious software being found on their system. With the average cost of a breach to a charity being £1,030.
Charities are exposed to additional risks when compared to business, with significant numbers of charities allowing the public to donate online or enabling beneficiaries to access services online. Losing access to these services has the potential to cause not only reputational damage, but in some cases could cause an existential threat to a charity’s survival if it were prevented from generating income or delivering its services.
"The most common cyber attacks against charities were receiving fraudulent emails, being directed to fraudulent websites, attempts by scammers to impersonate a charity online and malicious software being found on their system."
Cyber security is becoming an increasing concern for charities, with the finding that half of all charities say that cyber security is a high priority for their organisation’s senior management. However, two in five charities never update senior managers/trustees about cyber security issues. As with any risk that a charity faces, senior level awareness is vital. The figures show that these attacks are becoming more prevalent but, worryingly, as the GDPR comes into effect in May senior awareness of cyber security issues is not yet the norm which is likely to have a negative impact on a charity’s compliance.
The NCSC, in partnership with bodies across the sector, recently launched the Cyber Security: Small Charity Guide. This is a series of simple, quick and free or low cost steps that charities can take to protect themselves from cyber attacks. The guidance has been written with charities and the way they operate front and centre to ensure that it’s proportionate and implementable and, while written with small charities in mind, the tips are applicable to charities of any size. We encourage all trustees and staff to adopt this guidance in their charity as a matter of urgency to prevent these attacks and the potentially devastating impact they can have on an organisation.
For more technical guidance, please see the NCSC’s Ten Steps to Cyber Securityor the government endorsed Cyber Essentials certification scheme