Most charities hit by cybercrime are failing to report incidents to the Charity Commission, a survey has revealed.
This found that just 34% of charities impacted by criminals are reporting breaches to the regulator, amid concerns that many in the sector are “underestimating” the extent of online fraud.
The survey has been released by the Charity Commission to coincide with Charity Fraud Awareness Week, which begins today and is being run by the regulator along with police and the Fraud Advisory Panel among others.
The regulator warns charities that reporting incidents helps the Commission to identify trends and patterns in cybercrime “and help prevent others from falling victim to fraud”, even if there may be no direct regulatory role for the Commission in the incident.
The regulator’s survey also found that that one in eight charities had experienced cybercrime in the last 12 months.
However, less than a quarter (24%) have a formal policy in place to manage risk and only 55% of charities reported that cyber security was a fairly or very high priority in their organisation.
This is despite the high risk of attack as more than half (51%) of charities hold people’s information electronically and 37% allow supporters to donate online.
“A greater digital footprint increases a charity’s vulnerability,” warns the regulator.
Is your charity aware of the risks of online fraud?
— Charity Commission (@ChtyCommission) October 14, 2022
1 in 8 charities experienced cybercrime last year but just over 24% had a formal policy in place to manage the risk.
Read more and get involved with #CharityFraudAwarenessWeek starting Monday (17 Oct): https://t.co/uus6FRCmWx pic.twitter.com/eyUYnIjZ3w
Charity Commission assistant director of intelligence and tasking, Amie McWilliam-Reynolds, said: “Online financial transactions, and online working generally, present a great opportunity for charities – whether in engaging supporters, raising funds, and streamlining their operations.
“This was demonstrated in particular during the pandemic, when the longer-term move away from cash to online fundraising accelerated.
“But online financial transactions and the collection and storage of personal data also harbour risk, and we are concerned that some charities may be underestimating that risk and are therefore exposing their charity to potential fraud.
“We hope that projects like Charity Fraud Awareness Week help raise awareness among trustees and charity staff of the risks they may face, and of the advice and guidance available to support them in protecting their charity from fraud.”
Fraud Advisory Panel trustee David Green added: “Fraud is the UK’s most commonly experienced crime and much of it is committed online.
“Therefore, it is essential that charities take the security of their systems, information, people and money seriously.
“Simple cyber security measures can make a big difference.”
Advice on cybercrime prevention
Advice being issued to charities includes using strong passwords bolstered by two factor authentication and changing them regularly,
Training and policies around cyber security need to be updated and data should be backed up via the cloud.
Antivirus and other software needed to be kept up to date as well, the regulator added.
Recent Stories