Cyber Challenges in the Charity Sector: Insights and Strategies

In our increasingly digital world, the work of charitable organisations often relies on the safe storage and handling of sensitive information. As more and more charities transition to digital platforms for fundraising and outreach, the importance of robust cyber security measures and Charity Cyber Insurance cannot be overstated.

In this blog, we’ll explore the Cyber Security Breaches Survey 2024 and how the cyber security landscape is evolving within the charity sector.

The Prevalence of Cyber Crime

Data shows that 32% of charities experienced cyber breaches or attacks in the last 12 months. This is much greater in high-income charities with £500,000 or more annual income (66%). Additionally, a small percentage encountered fraud as a result of cyber crime.

Phishing stands out as the common form of breach or attack, and data confirms that 83% of charities have experienced this. Following this, although noted to a lesser degree, there are instances of individuals impersonating organisations via emails or online platforms, comprising 37% of charitable organisations. Lastly, viruses or other forms of malware constitute 14%.

The impact of cyber crime on charities

Among charities that do experience breaches or attacks, the most disruptive breach from the last 12 months cost approximately £460 on average, plus the damaging impact from reputational loss which is of course immeasurable.

Even if breaches don’t incur financial losses or data compromise, they can still affect organisations. Nearly two-fifths of charities (41%) experiencing breaches or attacks report some impact. Typically, these incidents require charities to reallocate staff resources or implement additional measures to prevent future occurrences which stop their staff from carrying out their daily work.

The Changing Face of Cyber Threats

Cyber security breaches and attacks have become common threats across the board. However, it’s concerning to note that smaller charitable organisations identify these threats less frequently than in previous years. The reasons are multifaceted, but it seems that smaller charities might view cyber security as less of a priority in the current economic climate, leading to a decrease in monitoring and logging of breaches or attacks.

The majority of businesses and charities employ a diverse array of measures to safeguard against cyber threats. The 2024 survey reveals a slight uptick in the adoption of certain controls and procedures among businesses, including the use of up-to-date malware protection, limiting administrative privileges, implementing network firewalls, and establishing protocols for handling phishing emails.

Cyber Hygiene: A Must for Charities

To defend against sophisticated cyber threats, government guidance recommends practising “cyber hygiene.” This includes measures like updated malware protection, cloud backups, strong password policies, and network firewalls. Although the majority of charities have embraced these measures, there have been concerning declines in some areas of cyber hygiene, such as password policies and applying software security updates within 14 days. Take a look at our blog to find out 5 practical steps your charity can take to reduce cyber-attacks.

Managing Cyber Risks and Supply Chains

Charities must be vigilant about identifying and mitigating cyber risks. While larger businesses are more advanced in this regard, all charities must consider the potential risks associated with their
supply chains. Cyber security risk assessments and the deployment of security monitoring tools can significantly improve a charity’s resilience to cyber threats.

Board Engagement and Governance

Board engagement and governance are crucial elements of effective cyber security. This data suggests that 63% report that cyber security is a high priority for their senior management. This proportion is greater among high-income charities (93% of those with income of £500,000 or more, vs. 63% overall).

Three in ten charities (30%) have board members or trustees explicitly responsible for cyber security. For high-income charities, it is reported that 47% have a formal cyber security strategy in place. This indicates a need for a more proactive approach within the charitable sector to ensure that cyber security is integrated into governance practices.

Incident Response: Preparedness Is Key

While preventive measures are vital, it’s equally crucial to have a well-defined incident response plan. Cyber incidents can happen to any charity, and knowing how to respond promptly and effectively is of the utmost importance. Communication between IT teams and the wider staff is key to bridging the gap in incident response.

In conclusion, charities play a crucial role in our society, and their work often relies on the secure handling of sensitive information. Cyber security is not an option; it’s a necessity. While the statistics may be disconcerting, they also serve as a wake-up call for charitable organisations to prioritise cyber security, adopt good cyber hygiene practices, and be prepared to respond effectively to cyber incidents. With the right measures in place, charities can continue their invaluable work while safeguarding their digital operations.

Protect your charity with specialist insurance

Despite the number and complexity of cyber attacks ever-increasing only a third of charities (34%) have taken out Charity Cyber Insurance.

Cyber attacks can prove costly and disruptive. A specialist cyber insurance policy can help give you the expert support you need if the worst happens. It won’t just cover your financial losses, it will also give you access to cyber security experts who can help to recover your systems and help you understand what caused the breach, so you’re protected in the future. It can also provide you with access to legal support.

As experienced Charity Insurance brokers, WRS Insurance Brokers can help you find the right Cyber Liability Insurance for your charity. Get in touch with our impartial team to discuss your organisation’s needs and request a quote. For more information call the team on 01206 760780.

WRS is part of the Benefact Group, a charity-owned, international family of financial services companies that gives all available profits to charity and good causes.