Cyber Crime Is An Increasing Risk For Charities

Uploaded on 2019-11-11 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Resilience

The British regulator the Charity Commission has warned that smaller charities are more vulnerable to cybercrime and this is because they are more likely to have older trustees, who’s understanding of cyber and the issues surrounding it is very low. 

The research, commissioned by the Charity Commission and in partnership with the Fraud Advisory Panel, said that almost a quarter (22 percent) of respondents believe cyber crime is a greater risk to the charity sector than other sectors. Larger charities are generally more likely to appreciate the risk of cyber-crime and take action to prevent it.

The report predicts that one in six large charities will be victim to cybercrime in the next two years. It emphasises that many charities will fall victim to cyberattacks without ever realising. It adds that 3 per cent of charities are known to have suffered a successful cyberattack in the past two years.  

  • The report also says charities are four times more likely to discover cybercrime through internal IT controls or from staff raising concerns than by all other external sources combined.
  • Less than a third of charities were found to be reporting cybercrimes to the police, while a quarter reported the crime to their bank.32 per cent did not report the cybercrime to anyone outside their organisation.
  • Over a third of charities that had suffered a cybercrime said it had no impact on the organisation.
  • Of charities that suffered negative consequences from an attack, 19 per cent reported financial loss and 15 per cent reported loss of data.
  • More than half (58 percent) of charities think cyber-crime is a major risk to the charity sector, according to new research into the fraud and cyber-crime risks facing charities.
  • Nearly half of the 3,300 charities surveyed in partnership with the Fraud Advisory Panel said their board had overall responsibility for cybersecurity.
  • Meanwhile, nearly 500 charities said that no one was responsible for cybercrime at their organisation.

The Commission’s advice is that charities should clarify who is responsible for their cybercrime risks and make it a governance priority for the board.

  • Charities see phishing and malicious emails as the greatest cyber-threat (39 percent), followed by hacking/extortion (15 percent) and Distributed Denial of Service (DDoS) attacks (two percent).
  • Over a third (36 percent) of charities don’t know which type of cyber-attacks they’re most vulnerable to. And nearly half of charities state that the Board has overall responsibility for cyber-security, whilst 15 percent state nobody has responsibility. For the remainder, nominated trustees, chief executives, or IT and finance directors have this responsibility.

Helen Stephenson, chief executive of the Charity Commission, said that charities, like other organisations, rely increasingly on digital technology to deliver on their purposes.

"It is therefore vital that charities take reasonable steps to strengthen their systems against those intent on causing harm. Protecting a charity in this area is not just about systems or financial assets, but also about people: charities hold sensitive data on beneficiaries, staff and volunteers, and have a responsibility to keep that data safe," she said.

Alongside the findings of the surveys, the Commission is launching a new pledge designed to help charities protect themselves. It is encouraging charities to adopt ‘Tackling Charity Fraud - Eight Guiding Principles’, a collective mission statement which the Commission has developed in partnership with the Fraud Advisory Panel. 

In related news, the release of the latest annual Crime Statistics in England and Wales has revealed a decline in computer misuse and computer virus offences. While computer viruses fell by 27 percent in the last year, to 442,000 offences, incidents involving unauthorised access to personal information, including hacking, did not change significantly and there were 535,000 offences.

Charity Commission:           SC Magazine:               Civil Society:          Image: Nick Youngson

You Might Also Read:

A Guide To Preventing Charity Cybercrime:

 

 

« Fake News Generated Against Hong Kong Protesters
Tech Giants Have Facilitated An Online Slavery Market »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

Kroll

Kroll

Kroll provides clients a way to build, protect and maximize value through our differentiated financial and risk advisory and intelligence.

Qatar Computing Research Institute (QCRI)

Qatar Computing Research Institute (QCRI)

QCRI perform cutting-edge research in such areas as Arabic language technologies, social computing, data analytics, distributed systems, cyber security and computational science and engineering.

Fair Isaac Corporation (FICO)

Fair Isaac Corporation (FICO)

FICO provides analytics software and tools used across multiple industries to manage risk, fight fraud, optimize operations and meet strict government regulations.

3Lines Venture Capital

3Lines Venture Capital

3Lines Venture Capital invests in exceptional founders and startups working on broad disruptive themes of Future of Work, AI enabled enterprises, and Industry 4.0.

Wiz

Wiz

Wiz - the first cloud visibility solution for enterprise security: A 360° view of security risks across clouds, containers and workloads.

Navisite

Navisite

Navisite is a combination of eight respected IT consulting and managed service providers that were brought together under the Navisite brand.

RealTyme

RealTyme

RealTyme is a secure communication and collaboration platform with privacy and human experience at its core.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

Microminder Cyber Security

Microminder Cyber Security

Microminder Cyber Security are innovators, advisors, strategists committed to solving your cyber security challenges.

Advent One

Advent One

Advent One are recognised for solving intricate dilemmas, not only making technology work but building foundations that customers can grow upon in an effective and secure way.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Nexer

Nexer

Nexer is a modern tech company with expertise in strategy, technology and communication with a strong vision.

Secur-Serv

Secur-Serv

Secur-Serv is a security-first managed services provider. We provides Managed IT, Managed Print, Managed Device, and Cybersecurity services to companies of every size.

Ark Infotech

Ark Infotech

Ark Infotech is a provider of cloud management services, selective support services, and technology solutions.

Morrow Global Network

Morrow Global Network

Morrow is the global venture network for venture accelerators, studios, hubs, and their visionary leaders.