Government figures have shown a drop in cyber security breaches and attacks among small charities.
It found that less than a quarter (24%) of charities experienced an incident this year down on the three in ten (30%) reporting a breach or attack in 2022.
“The drop is driven by smaller organisations,” states a government report into the figures, which adds that the results for “high income charities, remain at similar levels to last year”.
The figures also show that 8% of all charities reported falling victim to cybercrime, a proportion that rises to 25% among high income charities.
But the government warns that of those charities that had experienced a cyber breach or attack, around a third (32%) ended up being a victim of cybercrime.
Among charities with an annual income of £500,000 or more, more than half (56%) had reported a breach.
The figures look at attacks on businesses and charities over the last 12 months. It found that for charities the single most disruptive breach cost £530, compared to £1,100 for all organisations.
In total there were approximately 785,000 cyber crimes across charities over the last 12 months.
The government figures have been published in its latest Cyber Security Breaches Survey and based on responses received during the winter 2022/23 and early this year.
It found that a large proportion of businesses have tacking action to tackle breaches than charities, with large businesses the most advanced in this work.
Just 27% of charities have carried out a cyber security risk assessment and only 19% had deployed security monitoring tools.
Meanwhile only a third of charities are insured against cyber threats, compared to more than half (55%) of large businesses.
Board level cyber security expertise is lacking across charities and businesses, with only a third of organisations in both sectors having trustees of board members who are “explicitly responsible for cyber security as part of their job role”.
Among high income charities 36% have a former cyber security strategy in place, compared to 68% of large businesses.
Raising the profile of IT staff and “building a shared understanding of the need for cyber security” within charities and businesses is being called for by the government.
One business and resources director at a high-income charity surveyed said: “We train people as part of induction. We provide training, it’s mandatory and repeated on a regular basis. We raise issues with staff at all monthly staff meetings. I’ve been harping on about cyber security and giving examples.
“We keep our profile high with staff – we remind people and do phishing tests and share the results with staff and other stakeholders.”
Charity Times video Q&A: In conversation with Hilda Hayo, CEO of Dementia UK
Charity Times editor, Lauren Weymouth, is joined by Dementia UK CEO, Hilda Hayo to discuss why the charity receives such high workplace satisfaction results, what a positive working culture looks like and the importance of lived experience among staff. The pair talk about challenges facing the charity, the impact felt by the pandemic and how it's striving to overcome obstacles and continue to be a highly impactful organisation for anybody affected by dementia.
Charity Times Awards 2023
Mitigating risk and reducing claims
The cost-of-living crisis is impacting charities in a number of ways, including the risks they take. Endsleigh Insurance’s* senior risk management consultant Scott Crichton joins Charity Times to discuss the ramifications of prioritising certain types of risk over others, the financial implications risk can have if not managed properly, and tips for charities to help manage those risks.
* Coming soon… Howden, the new name for Endsleigh.
* Coming soon… Howden, the new name for Endsleigh.
Better Society
© 2021 Perspective Publishing Privacy & Cookies
Recent Stories