As part of the UK’s National Cyber Security Programme, new government research looked into charities’ cyber security and found that they are just as susceptible to cyberattacks as businesses.
According to the “Cyber Security among Charities” report, some respondents considered cyber security more of an issue for businesses than for charities. “These participants assumed that businesses would be more at risk as they would be more likely to hold customers’ financial details and generally be expected to have more cash in the bank,” it said.
The qualitative study also found that charities typically did not have internal specialist staff with the technical skills to cover cyber security. Responsibility for cyber security internally was often held by someone with a different core role, or the task was often outsourced to an IT provider.
As for training staff and trustees to raise awareness, many assumed training would be expensive and did not prioritise spending on it. Smaller charities also found it challenging in general as their staff tended to work remotely – with free or low-cost online training options more feasible.
When it comes to cyber insurance, charities have the same cost sentiment and see cover as too expensive to consider. According to the report, some charities had wider insurance policies such as public liability insurance or business continuity insurance, but it was not clear whether they were protected against a cyberattack.
Minister for Digital Matt Hancock commented: “Charities must do better to protect the sensitive data they hold, and I encourage them to access the tailored programme of support we are developing alongside the Charity Commission and the National Cyber Security Centre.”
For Helen Stephenson CBE, chief executive at the Charity Commission for England and Wales, the potential damage of a cyberattack is too serious to ignore. “It can result in the loss of funds or sensitive data, affect a charity’s ability to help those in need, and damage its precious reputation,” she said.
Stephenson added that they will continue working closely with the Department for Digital, Culture, Media and Sport – which commissioned the research – to help charities protect themselves online.
Related stories:
Lockton: UK businesses “severely unprepared” for impact of a cyberattack
Cyber insurance: the risk your clients need to know about
.jpg)
