How common are cyber attacks in the charity sector?

Criminals know that charities hold a significant amount of sensitive and confidential personal and financial data electronically. The sector is regularly attacked by those who want to steal information about people and money, and they have several methods to gain access to it.
In 2022, the National Cyber Security Centre (NCSC) surveyed charities and measured the scale of the problem. In total, 30% of the 424 charities who responded reported having had a security breach in the last 12 months.

What are the possible impacts of a cyber attack on your charity?

The effects of a cyber attack vary from a minor disruption which is not immediately obvious, to complete disasters, the effects of which may be permanent.
Cyber attacks may lead to:

• Being unable to operate for hours, days or weeks until issues are resolved and processes put in place to prevent recurrence
  
• Financial costs to bring in experts to recover and restore systems after an attack
  
• Damage to your charity’s reputation
  
• Money could be stolen from your charity or supporters’ accounts
  
• Important files could be lost permanently or may be unrecoverable

All this in addition to the possibility of being fined for not taking steps to keep your data secure

For example, civilsociety.co.uk reported that in 2018 ‘The Information Commissioner’s Office (ICO) fined the British and Foreign Bible Society £100,000 after cyber hackers gained access to more than 400,000 supporters’ personal data. The Commissioner found that, although the Society was the victim of a criminal act, it failed to take appropriate technical and organisational steps to protect its supporters’ personal data’. Could your charity afford a fine that large?

‘It will never happen to us…’

It’s easy to become complacent, but here are some real life examples of cyber attacks:

• An attack on an educational charity led to thousands of pupils being unable to access content after the attackers encrypted it and published data on the dark web. It cost the charity over £500,000 to resolve
  
• A religious charity suffered a data breach where criminals accessed employee data and used it to open credit accounts
  
• Attackers compromised a housing charity’s emails, imitated a trusted supplier and asked for payments of over £900,000

  Do you need to sharpen up your cyber security?

  Our CharityGo cyber security course gives easy to understand, practical guidance to increase your charity’s level of protection. It reiterates the importance of a robust cyber security plan, outlines each of the main threats and how to spot them, plus details top level actions you need to take in the event of an attack. Cyber security is just one of the key topics in our online library of expert-written, ready-made courses for staff and volunteers.