Charities

Charities

The “third sector” in the UK generates circa £100 billion annually and stands out as a highly attractive target for cyber criminals seeking financial gain, access to sensitive or valuable information, or to disrupt charities’ activities.

Key factors stand out that specifically raise the cyber threat and impact for charities and non-profits:

  • Many charities are reluctant to spend donor resources on enhancing cyber security, rather than on front line charitable work
  • A high volume of staff who work part time, including volunteers, with less capacity to absorb security procedures or awareness to the threat of cyber crime
  • Charities are more likely than “businesses” to rely on staff using personal IT (Bring Your Own Device) which is less easy to secure and manage than centrally issued IT
  • The impact of any cyber-attack on a charity is particularly high; often charities have limited funds, minimal insurance coverage and are a “supplier of last resort”, providing services where there is insufficient government or affordable private sector alternatives

Boards and Trustees

The Board is responsible for making sure a charity is taking appropriate measures to protect itself from a cyber-attack, as opposed to the popular view that this responsibility falls on the IT department, or third-party providers.

While charity board members don’t need to be technical experts, they do need to know enough about the importance of cyber security, to enable educated discussions and collaboration with key staff.

In addition, Trustees are legally obliged to comply with charity law requirements and other laws applicable to the sector, so compliance with relevant data protection legislation is a fundamental part of a trustee’s responsibilities.

Charity cyber-attack data

Why Charities?

The third sector is a highly attractive target for cyber criminals, and the data below goes some way to highlighting the reasons why:

  • England and Wales: 169,029 registered charities, combined annual income of £83.8 billion
  • Scotland: 24,020 registered charities, combined annual income of £13.6 billion
  • Northern Ireland: 6,691 registered charities, combined annual income of £2.3 billion
  • The sector collects and processes huge volumes of personal data from customers, donors or stakeholders
  • Regular sharing of data with external organisations such as marketing companies
  • Cyber criminals and other groups may be able to gain access to charities’ networks and/or information through these companies (supply chain risk is key in cyber security)

Next Steps

The charity and non-profit sector is an ever-rising target for malicious cyber-attack, for a variety of reasons outlined above.

Leaders and Trustees must adopt the mindset that it is a question of “when” an attack will take place, rather than “if”, and that this could manifest not only as a direct attack on organisation – but also via their critical supply chain and/or trusted stakeholders.

Further Information:

To find out how our team can support your organisation to improve its cyber defences and reduce the likelihood and impact of a successful attack, contact us today: info@mooreclear.com

Get in touch

Get in touch with our expert not-for-profit team now.

Contact our experts

Key Contacts

View a list of our team and their experience now.

View Team
  • Certified Information Systems Auditor
  • Certified Information Security Manager
  • Certified Information Systems Security Professional
  • In association with National Cyber Security Centre
  • Cyber Essentials
  • Cyber Essentials Plus
  • IASME Cyber Assurance - Level Two
  • IASME Cyber Assurance - Level One
  • An ISO 9001:2015 Certified Company
  • Official Supplier to National Care Association