Cyber Crime Is An Increasing Risk For Charities

Uploaded on 2019-11-11 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Resilience

The British regulator the Charity Commission has warned that smaller charities are more vulnerable to cybercrime and this is because they are more likely to have older trustees, who’s understanding of cyber and the issues surrounding it is very low. 

The research, commissioned by the Charity Commission and in partnership with the Fraud Advisory Panel, said that almost a quarter (22 percent) of respondents believe cyber crime is a greater risk to the charity sector than other sectors. Larger charities are generally more likely to appreciate the risk of cyber-crime and take action to prevent it.

The report predicts that one in six large charities will be victim to cybercrime in the next two years. It emphasises that many charities will fall victim to cyberattacks without ever realising. It adds that 3 per cent of charities are known to have suffered a successful cyberattack in the past two years.  

  • The report also says charities are four times more likely to discover cybercrime through internal IT controls or from staff raising concerns than by all other external sources combined.
  • Less than a third of charities were found to be reporting cybercrimes to the police, while a quarter reported the crime to their bank.32 per cent did not report the cybercrime to anyone outside their organisation.
  • Over a third of charities that had suffered a cybercrime said it had no impact on the organisation.
  • Of charities that suffered negative consequences from an attack, 19 per cent reported financial loss and 15 per cent reported loss of data.
  • More than half (58 percent) of charities think cyber-crime is a major risk to the charity sector, according to new research into the fraud and cyber-crime risks facing charities.
  • Nearly half of the 3,300 charities surveyed in partnership with the Fraud Advisory Panel said their board had overall responsibility for cybersecurity.
  • Meanwhile, nearly 500 charities said that no one was responsible for cybercrime at their organisation.

The Commission’s advice is that charities should clarify who is responsible for their cybercrime risks and make it a governance priority for the board.

  • Charities see phishing and malicious emails as the greatest cyber-threat (39 percent), followed by hacking/extortion (15 percent) and Distributed Denial of Service (DDoS) attacks (two percent).
  • Over a third (36 percent) of charities don’t know which type of cyber-attacks they’re most vulnerable to. And nearly half of charities state that the Board has overall responsibility for cyber-security, whilst 15 percent state nobody has responsibility. For the remainder, nominated trustees, chief executives, or IT and finance directors have this responsibility.

Helen Stephenson, chief executive of the Charity Commission, said that charities, like other organisations, rely increasingly on digital technology to deliver on their purposes.

"It is therefore vital that charities take reasonable steps to strengthen their systems against those intent on causing harm. Protecting a charity in this area is not just about systems or financial assets, but also about people: charities hold sensitive data on beneficiaries, staff and volunteers, and have a responsibility to keep that data safe," she said.

Alongside the findings of the surveys, the Commission is launching a new pledge designed to help charities protect themselves. It is encouraging charities to adopt ‘Tackling Charity Fraud - Eight Guiding Principles’, a collective mission statement which the Commission has developed in partnership with the Fraud Advisory Panel. 

In related news, the release of the latest annual Crime Statistics in England and Wales has revealed a decline in computer misuse and computer virus offences. While computer viruses fell by 27 percent in the last year, to 442,000 offences, incidents involving unauthorised access to personal information, including hacking, did not change significantly and there were 535,000 offences.

Charity Commission:           SC Magazine:               Civil Society:          Image: Nick Youngson

You Might Also Read:

A Guide To Preventing Charity Cybercrime:

 

 

« Fake News Generated Against Hong Kong Protesters
Tech Giants Have Facilitated An Online Slavery Market »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CamCERT

CamCERT

CamCERT is the national Computer Emergency Response Team for Cambodia.

Cynerio

Cynerio

Cynerio develops cybersecurity protections for medical devices, comparing network behavior with a database of medical workflows.

CyberProof

CyberProof

CyberProof aims to give clarity and confidence to businesses worldwide using a new risk-based approach to cyber security services.

Crayonic

Crayonic

Crayonic digital identity technologies protect and guarantee the identity of people and things.

IT Security Jobs

IT Security Jobs

IT Security Jobs is a dedicated portal for everything related to IT professionals looking for IT Security jobs.

Absio

Absio

Absio provides the technology you need to build data security directly into your software by default, and the design and development services you need to make it happen.

TechForing

TechForing

TechForing Ltd. works for business organization's cyber security and cyber crime incident managements. We help business to secure their business online.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

VirtualArmour

VirtualArmour

VirtualArmour is a managed security services provider with global reach and local attitude.

Intel

Intel

Intel products are engineered with built-in security technologies to help protect potential attack surfaces.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

GoTo

GoTo

At GoTo we help people and businesses to connect and collaborate simply and securely – from anywhere. We’re the trusted partner for companies of all sizes.

KingsGuard Solutions

KingsGuard Solutions

KingsGuard Solutions is a San Diego Cybersecurity company that specializes in complex and innovative security solutions for companies throughout Southern California.

HighGround

HighGround

HighGround offer a Cyber Security Solution for everybody, regardless of skillset, to feel empowered in their security experience in reaching Cyber Resilience.

Aembit

Aembit

Aembit is the Identity Platform that lets DevOps and Security manage, enforce, and audit access between federated workloads

Tsaaro Academy

Tsaaro Academy

Tsaaro Academy is a unique privacy certification training platform and here you earn a privacy certification CEH, CISM and DPO from India’s No.1 Privacy training platform.