Cyberattacks Focus On Big UK Charities

Uploaded on 2018-05-14 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Seven in ten large UK charities have experienced cyber security breaches in the last 12 months. Charities are exposed to further online risks. Around three in ten enable people to donate online (31%) and just under three in ten allow beneficiaries to access their services online (27%). 

This is especially true of larger charities (53% of charities with an income of £500,000 or more let people donate online, and 49% enable beneficiaries to access services online). 

Organisations of all sizes, and a substantive majority of large businesses and charities in particular, have been breached or attacked. Those with more potential risk factors are also among the most likely to experience cyber security breaches or attacks. 

The Cyber Security Breaches Survey 2018 carried out by Ipsos Mori on behalf of the Department for Culture, Media and Sport, found that large charities are often exposed to greater cyber risks than businesses.
This is because over half (53%) of them allow people to donate online and just under half (49%) enable beneficiaries to access services online.

Of the large charities that had identified breaches or attacks, 37% needed new measures to prevent or protect against future breaches, 40% used additional staff time to deal with breaches and 28% said that breaches had stopped staff carrying out day-to-day work.

Breaches were more often identified among organisations that hold personal data or where staff use personal devices for work.

The survey found that the use of personal devices was much more prevalent in charities (65%) than in businesses (45%).
Only half (53%) of all charities said that cyber security was a high priority for their organisation’s senior management and just a quarter (24%) had trustees with a specific responsibility for cyber security.

Only two in ten charities (21%) said they had a cybersecurity policy or policies and just 8% said they had a cyber security incident management process in place. 

The quantitative survey finds that two-fifths (38%) of businesses and just over two-fifths (44%) of charities are aware of GDPR (at the time of fieldwork in winter 2017). Of these, 13 per cent of businesses and nine per cent of charities had amended their cyber security policies or processes specifically in preparation for GDPR. 

Sheila Pancholi, a technology risk assurance partner at auditing firm RSM, said: “This survey very clearly shows that charities are incurring considerable cost and disruption from cyber security breaches, yet there appears to be a degree of complacency when it comes to preventing and responding to cyber-attacks.

‘There is much more that charities need to do when it comes to raising staff awareness through training, identifying and managing cyber related risks and adopting good-practice technical controls. Cyber security must be made a Board level issue to ensure it gets the required level of focus.

‘It’s particularly interesting that the survey found that cyber breaches are more prevalent when staff are allowed to use their own personal devices for work. This is an area of particular risk for charities and one that we have been warning our clients about for some time.

“Personal devices should be managed and controlled via a formal bring your own device policy will includes ensuring that controls applied to systems which are managed and owned by the charity are also consistently applied to personal devices which staff want to use for work related purposes.

“This is ever more important given the impending 25 May deadline for GDPR coming into force to strengthen personal data governance. The reality is that (like all organisations) charities are only as strong as the weakest link in their network.”
Cyber Insurance 

A small minority of businesses and charities say they have a specific cyber security insurance policy (nine per cent and four per cent respectively). 

This was more common among businesses in the finance or insurance sectors (20%), and among medium (19%) and large businesses (24%). Among charities, cyber insurance is more common among high-income charities (20% among those with incomes of £500,000 or more). 

Among the organisations without insurance, the most common reason given for not taking it up is that they do not consider themselves at enough of a risk to warrant it (41% of the businesses and 53% of the charities without insurance). 

ThirdForceNews:           DCMS

You Might Also Read: 

Action Fraud: Social Media Used to Steal Charity Donations:

Cyber Insurance Report 2017 - 2018

BYOD Security Is Critical For Business:

 

« Three Ways That Automation & Machine Learning Are Changing Data Centres
Canadian Tech Used To Censor The Internet »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cambray Solutions

Cambray Solutions

Cambray Solutions specializes in locating and securing technical professionals, managers, and executives.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

Telspace Systems

Telspace Systems

Telspace Systems provides penetration testing, vulnerability assessment and training services.

Sabasai

Sabasai

Sabasai specialises in all aspects of insider threat management from training and education to building security frameworks and insider threat programs to on-site risk & vulnerability assessments.

McIntyre Associates

McIntyre Associates

McIntyre Associates is an Executive Search boutique specialized in recruiting for the Cybersecurity industry. Our clients range from Venture Capital backed startups to Fortune 100 companies.

CSC Digital Brand Services

CSC Digital Brand Services

Our brand protection and security expertise give our customers peace of mind that no matter how fast the digital world changes, their intellectual property and digital assets will be secure.

Network Intelligence

Network Intelligence

Network Intelligence are a global cybersecurity provider offering services across 6 broad spectrums - Assessment, BCMS, GRC, Professional Services, MSSP & Training.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

Pentest Limited

Pentest Limited

Pentest Limited provide information security consultation, penetration testing & red teaming services to companies across the globe.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

ESC - Enterprise Security Center

ESC - Enterprise Security Center

ESC is a system house specializing exclusively in IT security - Security Implementation & Optimization, Operations, Managed Security Services.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.

Progress Partners

Progress Partners

Progress Partners is a corporate advisory firm that works with buyers and sellers of emerging growth companies to complete M&A or private placement transactions. Our sectors include cybersecurity.

Phylum

Phylum

Phylum provides powerful, automated software supply chain risk analysis that protects organizations, defends developers and enables secure innovation.

FTx Identity

FTx Identity

FTx Identity is the world's most advanced age verification technology (AVT) and identity management system.