Around three quarters of charities have been hit by at least one security incident in the last 12 months, government figures have revealed.
The figures also show that charities are marginally more likely to be impacted than businesses. While 72% of businesses have experienced an incident over the last year, the proportion increases to 74% among charities.
Breaches range from unauthorised listening to video conferences, listed by 2% of charities, to staff receiving fraudulent emails, which was cited by 69% of charities.
Other breaches include people impersonating emails (32%), attempts to hack social media accounts or websites (11%) and infecting devices with malware or ransomware (10%).
Among those who have experienced a breach, more than a quarter (26%) say they have been attacked roughly once a month, while 36% say they have experienced a security breach more than once, but less than once a month.
The mean average cost of all incidents over the last 12 months is £1,878. This includes direct costs to investigate the incident, as well as staff time and hiring external consultants to fix problems.
The findings have emerged in the first wave of the government’s three-year cyber security longitudinal survey that looks at the impact of attacks on businesses and charities.
Leadership buy-in
A concern raised is that too often organisations’ approaches to cyber security are more “reactive than proactive, with many struggling to get senior level buy-in to improve cyber defences”.
Only 32% of charities have board level discussions around cyber security on at least a quarterly basis. A similar proportion (28%) say their board members have received cyber security training.
In addition, 64% of charities do not carry out “work to formally assess or manage the potential cyber security risks presented by suppliers in the last year”.
Among charities, only just over half (55%) carry out cyber security training or awareness-raising sessions for staff or volunteers not directly involved in cyber security.
“Overall, there are several areas where organisations of all sizes could potentially take more action, including around supply chain management, staff awareness and training, and actively assessing cyber security risks and seeking formal certifications,” adds the study.