Cyber Crime Is An Increasing Risk For Charities

The British regulator the Charity Commission has warned that smaller charities are more vulnerable to cybercrime and this is because they are more likely to have older trustees, who’s understanding of cyber and the issues surrounding it is very low. 

The research, commissioned by the Charity Commission and in partnership with the Fraud Advisory Panel, said that almost a quarter (22 percent) of respondents believe cyber crime is a greater risk to the charity sector than other sectors. Larger charities are generally more likely to appreciate the risk of cyber-crime and take action to prevent it.

The report predicts that one in six large charities will be victim to cybercrime in the next two years. It emphasises that many charities will fall victim to cyberattacks without ever realising. It adds that 3 per cent of charities are known to have suffered a successful cyberattack in the past two years.  

  • The report also says charities are four times more likely to discover cybercrime through internal IT controls or from staff raising concerns than by all other external sources combined.
  • Less than a third of charities were found to be reporting cybercrimes to the police, while a quarter reported the crime to their bank.32 per cent did not report the cybercrime to anyone outside their organisation.
  • Over a third of charities that had suffered a cybercrime said it had no impact on the organisation.
  • Of charities that suffered negative consequences from an attack, 19 per cent reported financial loss and 15 per cent reported loss of data.
  • More than half (58 percent) of charities think cyber-crime is a major risk to the charity sector, according to new research into the fraud and cyber-crime risks facing charities.
  • Nearly half of the 3,300 charities surveyed in partnership with the Fraud Advisory Panel said their board had overall responsibility for cybersecurity.
  • Meanwhile, nearly 500 charities said that no one was responsible for cybercrime at their organisation.

The Commission’s advice is that charities should clarify who is responsible for their cybercrime risks and make it a governance priority for the board.

  • Charities see phishing and malicious emails as the greatest cyber-threat (39 percent), followed by hacking/extortion (15 percent) and Distributed Denial of Service (DDoS) attacks (two percent).
  • Over a third (36 percent) of charities don’t know which type of cyber-attacks they’re most vulnerable to. And nearly half of charities state that the Board has overall responsibility for cyber-security, whilst 15 percent state nobody has responsibility. For the remainder, nominated trustees, chief executives, or IT and finance directors have this responsibility.

Helen Stephenson, chief executive of the Charity Commission, said that charities, like other organisations, rely increasingly on digital technology to deliver on their purposes.

"It is therefore vital that charities take reasonable steps to strengthen their systems against those intent on causing harm. Protecting a charity in this area is not just about systems or financial assets, but also about people: charities hold sensitive data on beneficiaries, staff and volunteers, and have a responsibility to keep that data safe," she said.

Alongside the findings of the surveys, the Commission is launching a new pledge designed to help charities protect themselves. It is encouraging charities to adopt ‘Tackling Charity Fraud - Eight Guiding Principles’, a collective mission statement which the Commission has developed in partnership with the Fraud Advisory Panel. 

In related news, the release of the latest annual Crime Statistics in England and Wales has revealed a decline in computer misuse and computer virus offences. While computer viruses fell by 27 percent in the last year, to 442,000 offences, incidents involving unauthorised access to personal information, including hacking, did not change significantly and there were 535,000 offences.

Charity Commission:           SC Magazine:               Civil Society:          Image: Nick Youngson

You Might Also Read:

A Guide To Preventing Charity Cybercrime:

 

 

« Fake News Generated Against Hong Kong Protesters
Tech Giants Have Facilitated An Online Slavery Market »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

SiteGuarding

SiteGuarding

SiteGuarding provide website security tools and services to protect your website against malware and hacker exploits.

Truth Technologies Inc (TTI)

Truth Technologies Inc (TTI)

TTI is a premier provider of worldwide anti-money laundering, anti-fraud, customer identification, and compliance products and services.

CERT-AM

CERT-AM

CERT-AM is the national Computer Emergency Response Team for Armenia.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

ARCON

ARCON

ARCON offers a proprietary unified governance framework, which addresses risk across various technology platforms.

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

apiiro

apiiro

apiiro invented the industry-first Code Risk Platform™ that uses developers and code behavior analysis to accelerate delivery and automatically remediate product risk.

Trava Security

Trava Security

Trava simplifies cyber risk management for business owners and IT professionals. Automated assessments, mitigation advising, and data-driven cyber insurance.

ISMAC

ISMAC

ISMAC was founded to create a security solution that would work for smaller to medium as well as bigger corporations at an affordable price.

Ampere Industrial Security

Ampere Industrial Security

Ampere is an industrial security firm. We specialize in industrial control systems (ICS) and operational technology (OT) security.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

Cyber Security Authority (CSA) - Ghana

Cyber Security Authority (CSA) - Ghana

The Cyber Security Authority has been established to regulate cybersecurity activities in Ghana.

TheGreenBow

TheGreenBow

TheGreenBow is a trusted VPN software company. We help organizations and individuals become cyber-responsible. For this, we design and develop reliable and easy-to-use solutions.

Lucidum

Lucidum

The Lucidum platform helps you assess risk and mitigate vulnerabilities by finding and correlating data from your security tech stack.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

CyberForceHQ

CyberForceHQ

CyberForce helps cyber security professionals take real-world tests, get ranked and get paid better. It's that simple.