In our increasingly digital world, the work of charitable organisations often relies on the safe storage and handling of sensitive information. As more and more charities transition to digital platforms for fundraising and outreach, the importance of robust cyber security measures and Charity Cyber Insurance cannot be overstated.
In this blog, we’ll explore the Cyber Security Breaches Survey 2025 and how the cyber security landscape is evolving within the charity sector.
The Prevalence of Cyber Crime
Data shows that 30% of UK charities experienced cyber breaches or attacks in the last 12 months, equating to roughly 61,000 registered charities. Phishing remains the most common form of attack, affecting 86% of charities that experienced a breach. Other forms of attack, such as impersonation of organisations online, remain present but at lower levels, while viruses or malware are reported less frequently.
The impact of cyber crime on charities
Among charities that do experience breaches or attacks, the average cost of the most disruptive incident was approximately £3,240, rising to £8,690 when excluding incidents with zero financial impact. Beyond financial costs, breaches can affect reputation, operations, and staff productivity.
Even when breaches don’t result in direct losses, they can disrupt normal operations. 16% of charities reported negative outcomes from breaches in the last year, such as reallocation of staff resources or service interruptions. Notably, the number of charities losing access to third-party services increased from 1% in 2024 to 5% in 2025, highlighting the evolving nature of cyber threats.
The Changing Face of Cyber Threats
Cyber security breaches and attacks have become common threats across the sector. Smaller charities continue to report fewer breaches than larger charities, but this may reflect under reporting or limited cyber monitoring. High-income charities (annual income of £500,000+) are more likely to be targeted and often have more robust controls in place.
Most charities now use a combination of technical measures, such as malware protection, network firewalls, and restricted admin privileges to reduce risks. While adoption is improving, areas like password policies and timely software updates still require attention.
Cyber Hygiene: A Must for Charities
Government guidance recommends practising “cyber hygiene,” which includes:
- Updated malware protection
- Cloud backups
- Strong password policies
- Network firewalls
While many charities are embracing these measures, some areas have seen declines, particularly in smaller organisations. Maintaining strong cyber hygiene is essential to protect sensitive donor and staff information.
Managing Cyber Risks and Supply Chains
Charities must be vigilant about identifying and mitigating cyber risks. While larger businesses are more advanced in this regard, all charities must consider the potential risks associated with their
supply chains. Cyber security risk assessments and the deployment of security monitoring tools can significantly improve a charity’s resilience to cyber threats.
Board Engagement and Governance
Board engagement is crucial for effective cyber security. The survey shows that 30% of charities have a board member or trustee explicitly responsible for cyber security. While this is in line with previous years, it highlights a need for more formal governance oversight.
Incident Response: Preparedness Is Key
While preventive measures are vital, it’s equally crucial to have a well-defined incident response plan. Cyber incidents can happen to any charity, and knowing how to respond promptly and effectively is of the utmost importance. Communication between IT teams and the wider staff is key to bridging the gap in incident response.
Protect your charity with specialist insurance
Despite the number and complexity of cyber attacks ever-increasing only a third of charities (34%) have taken out Charity Cyber Insurance.
Cyber attacks can prove costly and disruptive. A specialist cyber insurance policy can help give you the expert support you need if the worst happens. It won’t just cover your financial losses, it will also give you access to cyber security experts who can help to recover your systems and help you understand what caused the breach, so you’re protected in the future. It can also provide you with access to legal support.
Free Guide: Cyber Insurance & Fraud Protection for Charities
Our Charity Cyber Insurance experts have created a comprehensive guide, ‘Cyber Insurance & Fraud Protection for Charities‘, which is designed to help you further understand the risks you may face and how to protect your mission.
This guide outlines practical steps to strengthen cyber security, prevent fraud, and ensure your charity is financially protected in the event of an attack.
Download the Cyber Insurance & Fraud Protection Guide today and take the next step in securing your charity’s future.
About WRS
As experienced Charity Insurance brokers, WRS Insurance Brokers can help you find the right Cyber Liability Insurance for your charity. Get in touch with our team to discuss your organisation’s needs and request a quote. For more information call the team on 01206 760780 or email hello@wrsinsurance.co.uk.
WRS is part of the Benefact Group, a charity-owned, international family of financial services companies that gives all available profits to charity and good causes.