Cyber Crime Is An Increasing Risk For Charities

The British regulator the Charity Commission has warned that smaller charities are more vulnerable to cybercrime and this is because they are more likely to have older trustees, who’s understanding of cyber and the issues surrounding it is very low. 

The research, commissioned by the Charity Commission and in partnership with the Fraud Advisory Panel, said that almost a quarter (22 percent) of respondents believe cyber crime is a greater risk to the charity sector than other sectors. Larger charities are generally more likely to appreciate the risk of cyber-crime and take action to prevent it.

The report predicts that one in six large charities will be victim to cybercrime in the next two years. It emphasises that many charities will fall victim to cyberattacks without ever realising. It adds that 3 per cent of charities are known to have suffered a successful cyberattack in the past two years.  

  • The report also says charities are four times more likely to discover cybercrime through internal IT controls or from staff raising concerns than by all other external sources combined.
  • Less than a third of charities were found to be reporting cybercrimes to the police, while a quarter reported the crime to their bank.32 per cent did not report the cybercrime to anyone outside their organisation.
  • Over a third of charities that had suffered a cybercrime said it had no impact on the organisation.
  • Of charities that suffered negative consequences from an attack, 19 per cent reported financial loss and 15 per cent reported loss of data.
  • More than half (58 percent) of charities think cyber-crime is a major risk to the charity sector, according to new research into the fraud and cyber-crime risks facing charities.
  • Nearly half of the 3,300 charities surveyed in partnership with the Fraud Advisory Panel said their board had overall responsibility for cybersecurity.
  • Meanwhile, nearly 500 charities said that no one was responsible for cybercrime at their organisation.

The Commission’s advice is that charities should clarify who is responsible for their cybercrime risks and make it a governance priority for the board.

  • Charities see phishing and malicious emails as the greatest cyber-threat (39 percent), followed by hacking/extortion (15 percent) and Distributed Denial of Service (DDoS) attacks (two percent).
  • Over a third (36 percent) of charities don’t know which type of cyber-attacks they’re most vulnerable to. And nearly half of charities state that the Board has overall responsibility for cyber-security, whilst 15 percent state nobody has responsibility. For the remainder, nominated trustees, chief executives, or IT and finance directors have this responsibility.

Helen Stephenson, chief executive of the Charity Commission, said that charities, like other organisations, rely increasingly on digital technology to deliver on their purposes.

"It is therefore vital that charities take reasonable steps to strengthen their systems against those intent on causing harm. Protecting a charity in this area is not just about systems or financial assets, but also about people: charities hold sensitive data on beneficiaries, staff and volunteers, and have a responsibility to keep that data safe," she said.

Alongside the findings of the surveys, the Commission is launching a new pledge designed to help charities protect themselves. It is encouraging charities to adopt ‘Tackling Charity Fraud - Eight Guiding Principles’, a collective mission statement which the Commission has developed in partnership with the Fraud Advisory Panel. 

In related news, the release of the latest annual Crime Statistics in England and Wales has revealed a decline in computer misuse and computer virus offences. While computer viruses fell by 27 percent in the last year, to 442,000 offences, incidents involving unauthorised access to personal information, including hacking, did not change significantly and there were 535,000 offences.

Charity Commission:           SC Magazine:               Civil Society:          Image: Nick Youngson

You Might Also Read:

A Guide To Preventing Charity Cybercrime:

 

 

« Fake News Generated Against Hong Kong Protesters
Tech Giants Have Facilitated An Online Slavery Market »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Contrast Security

Contrast Security

Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software.

Security Weekly

Security Weekly

Security Weekly provides free content within the subject areas of IT security news, vulnerabilities, hacking, and research.

Computing Technology Industry Association (CompTIA)

Computing Technology Industry Association (CompTIA)

CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy.

Kobil Systems

Kobil Systems

Kobil is a pioneer in the fields of smart card, one-time password, authentication and cryptography.

Marvell Technology Group

Marvell Technology Group

Marvell is a semiconductor company providing solutions for storage, processing, networking, security and connectivity.

UKsec: Virtual Cyber Security Summit

UKsec: Virtual Cyber Security Summit

Join 100s of UK Cyber Security Leaders Online for Expert Cyber Security Talks, Strategy Insights, Cyber Resilience Tips and More.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Venkon

Venkon

Venkon provides effective and unique solutions to cyber-security threats and IT compliance requirements of your organization.

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

Intrepid Solutions & Services

Intrepid Solutions & Services

Intrepid Solutions and Services provides technology solutions and professional services to key components of the intelligence and national security communities.

RedHunt Labs

RedHunt Labs

RedHunt Labs is a premier Cybersecurity Solutions provider, offering Attack Surface Management solution 'NVADR' and Penetration Testing services.

Sollensys

Sollensys

Sollensys is a leader in commercial blockchain applications. Our flagship product, The Blockchain Archive Server™ is the best defense against the devastating financial loss that ransomware causes.

TheGreenBow

TheGreenBow

TheGreenBow is a trusted VPN software company. We help organizations and individuals become cyber-responsible. For this, we design and develop reliable and easy-to-use solutions.

NXM Labs

NXM Labs

NXM is a leader in a leader in advanced cybersecurity software for connected devices.

Cloudflare

Cloudflare

Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

LegalByte

LegalByte

LegalByte is a leading provider of comprehensive legal and forensic services dedicated to addressing the complex challenges of the digital age.

12Port

12Port

12Port network security solutions help companies tackle modern cybersecurity threats cost-effectively while implementing zero-trust architectures.