How safe are your assets – over a quarter of Charities suffered a cyber security breach in the last year!

The Department for Digital, Culture, Media and Sport’s (DCMS) Cyber Security Breaches Survey 2020 highlighted that 26% of Charities have suffered a cyber security breach in the last 12 months. This is a stark reminder of the very real cyber risks faced by the sector and the growing sophistication of the methods the culprits try to use.

Private company findings are much higher at 46% but remain in line with those back in 2017 (the first survey). The charity findings show a rising incidence, from 19% in 2018 (when Charities were first surveyed) and 22% in 2019, to 26% in 2020. This may mean that more Charities are being targeted but could also mean that they are better at identifying breaches than before. Of the 26% of Charities reporting breaches or attacks, 25% suffered loss of funds or data and 56% were negatively impacted in terms of management costs and disruption to operations.

The introduction of the General Data Protection Regulation (“GDPR”) in May 2018 has undoubtedly had a positive influence on the sector’s approach to cyber security. A third of Charities changed their cyber security as a result of GDPR. This is best illustrated by looking at staff training: 29% of Charity staff attended cyber attack training compared to 15% in 2018.

The expectation is that GDPR will have an ongoing positive impact on cyber security. It has forced a step change in mind-set, the perception of responsibility and behaviour towards data security, which can only continue to yield positive rewards.

Despite these really positive steps, the sector cannot be complacent: some Charities have still taken too little action, and the tools used by fraudsters are becoming increasingly sophisticated. The results show that only 49% of Charities have reviewed their internal procedures around fraud in the last year and 74% of Charities say that cyber security is a high priority, somewhat lower than in the private sector at 80%. Cyber crime should be a key operational risk in every Charity, with the policy regularly reviewed and thoroughly implemented.


Top 10 tips for tackling cyber fraud


  1. Have strong passwords and change them often – try not to use things people could guess, such as your child’s name or a birthday, and always make sure your email has a unique password.

  2. Keep your software up to date – patches in software fix vulnerabilities, so by not updating your software you might be leaving yourself vulnerable.

  3. Make sure you have Antivirus – your Antivirus will protect you from Malicious Software (Malware) and Viruses. It is not just computers that can be attacked; tablets and phones can be too, so make sure these are protected. Malware can lock you out of your device, steal your data and even spy on you in your own home. So make sure you are protected and that you do the regular Antivirus updates.

  4. Make sure you back up your data – copy your data to external drives and cloud storage. It is great to use auto back up so you don’t forget, but always check regularly to make sure that it is still working!

  5. Use Two-Factor Authentication (2FA) – passwords can be stolen or even guessed by fraudsters but 2FA gives you an extra layer of protection. This will be something that only you can access such as a code sent by text or via an App on your phone.

  6. Take care when you use free WiFi – remember free WiFi is not secure and someone could be monitoring what you are doing.

  7. Don’t just click on links and attachments – always make sure you can verify where links and attachments have come from, and look for anything unusual in the email or the sender’s email address. If in doubt, call the person before you open it – better safe than sorry! Opening harmful links can infect your devices and/or give criminals access to your device.

  8. It is not always good to share – be careful what you share on Social Media and check your privacy settings. Criminals can gather huge amounts of personal information from Social Media which may enable them to perpetrate online crime against you, e.g. you excitedly post that you have attended your school reunion with some pictures – this would allow the criminal to answer the “Name your school” security question which is often used to protect online accounts.

  9. Never freely give personal information out – criminals often pose as other people to fraudulently obtain your personal data, often posing as someone you trust, e.g. the bank, HMRC or the police, to obtain information from you.

  10. Report all fraud and cyber crime to Action Fraud – even if you’ve not lost out, report every incident. By reporting you are helping the authorities better understand and disrupt the activity of online criminals. Data is also gathered to form educational information and increase our defence against these activities. Report to Action Fraud on or telephone 0300 123 2040.


If you have any further questions or queries please contact us at: