Cyberattacks Focus On Big UK Charities

Uploaded on 2018-05-14 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Seven in ten large UK charities have experienced cyber security breaches in the last 12 months. Charities are exposed to further online risks. Around three in ten enable people to donate online (31%) and just under three in ten allow beneficiaries to access their services online (27%). 

This is especially true of larger charities (53% of charities with an income of £500,000 or more let people donate online, and 49% enable beneficiaries to access services online). 

Organisations of all sizes, and a substantive majority of large businesses and charities in particular, have been breached or attacked. Those with more potential risk factors are also among the most likely to experience cyber security breaches or attacks. 

The Cyber Security Breaches Survey 2018 carried out by Ipsos Mori on behalf of the Department for Culture, Media and Sport, found that large charities are often exposed to greater cyber risks than businesses.
This is because over half (53%) of them allow people to donate online and just under half (49%) enable beneficiaries to access services online.

Of the large charities that had identified breaches or attacks, 37% needed new measures to prevent or protect against future breaches, 40% used additional staff time to deal with breaches and 28% said that breaches had stopped staff carrying out day-to-day work.

Breaches were more often identified among organisations that hold personal data or where staff use personal devices for work.

The survey found that the use of personal devices was much more prevalent in charities (65%) than in businesses (45%).
Only half (53%) of all charities said that cyber security was a high priority for their organisation’s senior management and just a quarter (24%) had trustees with a specific responsibility for cyber security.

Only two in ten charities (21%) said they had a cybersecurity policy or policies and just 8% said they had a cyber security incident management process in place. 

The quantitative survey finds that two-fifths (38%) of businesses and just over two-fifths (44%) of charities are aware of GDPR (at the time of fieldwork in winter 2017). Of these, 13 per cent of businesses and nine per cent of charities had amended their cyber security policies or processes specifically in preparation for GDPR. 

Sheila Pancholi, a technology risk assurance partner at auditing firm RSM, said: “This survey very clearly shows that charities are incurring considerable cost and disruption from cyber security breaches, yet there appears to be a degree of complacency when it comes to preventing and responding to cyber-attacks.

‘There is much more that charities need to do when it comes to raising staff awareness through training, identifying and managing cyber related risks and adopting good-practice technical controls. Cyber security must be made a Board level issue to ensure it gets the required level of focus.

‘It’s particularly interesting that the survey found that cyber breaches are more prevalent when staff are allowed to use their own personal devices for work. This is an area of particular risk for charities and one that we have been warning our clients about for some time.

“Personal devices should be managed and controlled via a formal bring your own device policy will includes ensuring that controls applied to systems which are managed and owned by the charity are also consistently applied to personal devices which staff want to use for work related purposes.

“This is ever more important given the impending 25 May deadline for GDPR coming into force to strengthen personal data governance. The reality is that (like all organisations) charities are only as strong as the weakest link in their network.”
Cyber Insurance 

A small minority of businesses and charities say they have a specific cyber security insurance policy (nine per cent and four per cent respectively). 

This was more common among businesses in the finance or insurance sectors (20%), and among medium (19%) and large businesses (24%). Among charities, cyber insurance is more common among high-income charities (20% among those with incomes of £500,000 or more). 

Among the organisations without insurance, the most common reason given for not taking it up is that they do not consider themselves at enough of a risk to warrant it (41% of the businesses and 53% of the charities without insurance). 

ThirdForceNews:           DCMS

You Might Also Read: 

Action Fraud: Social Media Used to Steal Charity Donations:

Cyber Insurance Report 2017 - 2018

BYOD Security Is Critical For Business:

 

« Three Ways That Automation & Machine Learning Are Changing Data Centres
Canadian Tech Used To Censor The Internet »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Rackspace Technology

Rackspace Technology

Rackspace Technology is a leading provider of managed services across all major public and private cloud technologies. Secure your IT environments with powerful cloud security solutions and support.

Alert Logic

Alert Logic

Alert Logic delivers unrivaled security for any environment, delivering industry-leading managed detection and response (MDR) and web application firewall (WAF) solutions.

Cloudbric

Cloudbric

Cloudbric is a cloud-based web security service, offering award-winning WAF, DDoS protection, and SSL, all in a full-service package.

WireX Systems

WireX Systems

WireX is an innovative network intelligence and forensics company that is changing the way businesses resolve cyber-attacks.

Windscribe

Windscribe

Windscribe is a Virtual Private Network services provider offering secure encrypted access to the internet.

WWPass

WWPass

WWPass is a global cybersecurity company that provides password-less authentication and client-side encryption technology.

Ampliphae

Ampliphae

Ampliphae gives you an easy-to-deploy, sophisticated and affordable cloud-discovery, security and compliance platform.

TM One

TM One

TM One is the enterprise and public sector business solutions arm of Telekom Malaysia Berhad (TM) Group.

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM) is engaged by law enforcement in the UK and overseas to advise on establishing and developing Cyber Resilience Centres (CRCs) for business.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

NXM Labs

NXM Labs

NXM is a leader in a leader in advanced cybersecurity software for connected devices.

BlockSec

BlockSec

BlockSec is dedicated to building blockchain security infrastructure. The team is founded by top security researchers and experiencedexperts from both academia and industry.

Upstack

Upstack

UPSTACK - One partner, end-to-end expertise, helping develop the solutions you need – when you need them.

Blue Bastion

Blue Bastion

Don’t give cybercriminals the chance to find weaknesses in your company’s cyber security system. Defend your institution from all attacks from all directions with Blue Bastion.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

Pillar Security

Pillar Security

Pillar Security are building the unified AI security platform to identify, assess, and mitigate security risks across your entire AI lifecycle.