Cyberattacks Focus On Big UK Charities

Seven in ten large UK charities have experienced cyber security breaches in the last 12 months. Charities are exposed to further online risks. Around three in ten enable people to donate online (31%) and just under three in ten allow beneficiaries to access their services online (27%). 

This is especially true of larger charities (53% of charities with an income of £500,000 or more let people donate online, and 49% enable beneficiaries to access services online). 

Organisations of all sizes, and a substantive majority of large businesses and charities in particular, have been breached or attacked. Those with more potential risk factors are also among the most likely to experience cyber security breaches or attacks. 

The Cyber Security Breaches Survey 2018 carried out by Ipsos Mori on behalf of the Department for Culture, Media and Sport, found that large charities are often exposed to greater cyber risks than businesses.
This is because over half (53%) of them allow people to donate online and just under half (49%) enable beneficiaries to access services online.

Of the large charities that had identified breaches or attacks, 37% needed new measures to prevent or protect against future breaches, 40% used additional staff time to deal with breaches and 28% said that breaches had stopped staff carrying out day-to-day work.

Breaches were more often identified among organisations that hold personal data or where staff use personal devices for work.

The survey found that the use of personal devices was much more prevalent in charities (65%) than in businesses (45%).
Only half (53%) of all charities said that cyber security was a high priority for their organisation’s senior management and just a quarter (24%) had trustees with a specific responsibility for cyber security.

Only two in ten charities (21%) said they had a cybersecurity policy or policies and just 8% said they had a cyber security incident management process in place. 

The quantitative survey finds that two-fifths (38%) of businesses and just over two-fifths (44%) of charities are aware of GDPR (at the time of fieldwork in winter 2017). Of these, 13 per cent of businesses and nine per cent of charities had amended their cyber security policies or processes specifically in preparation for GDPR. 

Sheila Pancholi, a technology risk assurance partner at auditing firm RSM, said: “This survey very clearly shows that charities are incurring considerable cost and disruption from cyber security breaches, yet there appears to be a degree of complacency when it comes to preventing and responding to cyber-attacks.

‘There is much more that charities need to do when it comes to raising staff awareness through training, identifying and managing cyber related risks and adopting good-practice technical controls. Cyber security must be made a Board level issue to ensure it gets the required level of focus.

‘It’s particularly interesting that the survey found that cyber breaches are more prevalent when staff are allowed to use their own personal devices for work. This is an area of particular risk for charities and one that we have been warning our clients about for some time.

“Personal devices should be managed and controlled via a formal bring your own device policy will includes ensuring that controls applied to systems which are managed and owned by the charity are also consistently applied to personal devices which staff want to use for work related purposes.

“This is ever more important given the impending 25 May deadline for GDPR coming into force to strengthen personal data governance. The reality is that (like all organisations) charities are only as strong as the weakest link in their network.”
Cyber Insurance 

A small minority of businesses and charities say they have a specific cyber security insurance policy (nine per cent and four per cent respectively). 

This was more common among businesses in the finance or insurance sectors (20%), and among medium (19%) and large businesses (24%). Among charities, cyber insurance is more common among high-income charities (20% among those with incomes of £500,000 or more). 

Among the organisations without insurance, the most common reason given for not taking it up is that they do not consider themselves at enough of a risk to warrant it (41% of the businesses and 53% of the charities without insurance). 

ThirdForceNews:           DCMS

You Might Also Read: 

Action Fraud: Social Media Used to Steal Charity Donations:

Cyber Insurance Report 2017 - 2018

BYOD Security Is Critical For Business:

 

« Three Ways That Automation & Machine Learning Are Changing Data Centres
Canadian Tech Used To Censor The Internet »

Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Mastercard

Mastercard

MasterCard is a leading global payments solutions company that serves consumers and businesses in over 210 countries and territories worldwide.

Hunters.AI

Hunters.AI

Hunters is the world's first autonomous hunting solution that leverages top-tier cyber expertise and AI to uncover hidden cyber threats.

OcuCloud

OcuCloud

OcuCloud protects businesses' valuable information in the cloud, preventing security breaches caused by employees and remote vendors.

Distributed Ledger Inc (DLI)

Distributed Ledger Inc (DLI)

Distributed Ledger is a blockchain integrator and service provider helping businesses integrate blockchain technology into their existing systems and processes.

Kentik

Kentik

Kentik - one platform for Network Visibility, Performance, and Security.

iSolutions

iSolutions

iSolutions is an official reseller and engineering company of leading products and solutions for cybersecurity and information protection, optimization, visualization and control of applications

Respond Software

Respond Software

Respond Software provides smart security operations software for businesses of every size.

Australian Cyber Collaboration Centre (A3C)

Australian Cyber Collaboration Centre (A3C)

A3C assists business to understand and navigate the cyber ecosystem to address their specific cyber needs. It is a central connection point for businesses looking to improve their cyber resilience.