Charities and cyber attacks

During the Covid-19 pandemic and lockdown, a third of charities have suffered a cyber-attack, in addition, 1 in 20 charities have suffered an accidental data breach during the pandemic.

Phishing attacks are the most common threat, affecting 1 in 7 voluntary groups, followed by spear-phishing attacks, malware, and ransomware.

The findings, from Ecclesiastical Insurance, come after the Charity Commission revealed that fraudsters have stolen over £3.5 million from charities during the pandemic. The English and Welsh regulator received 645 reports of fraud and cybercrime between March and September.

A survey of 250 charities carried out by YouGov, released to coincide with Charity Fraud Awareness Week, found that 95% of charities are now working remotely. While 29% were already embracing remote working before the pandemic, two-thirds moved to remote working during the pandemic.

The transition to remote working has not been without its challenges though, with half of charities admitting to technological challenges while adapting to new ways of working. A third have been hampered by the lack of staff and volunteer skills, and a third have struggled to adapt in line with their culture.

Many charities have stepped up cyber-security as a result of the shift to remote working caused by the pandemic. Many charities claim to be fully prepared to deal with cyber attacks, however almost half (45%) have not taken any steps at all to increase protection for staff working from home.

Angus Roy, charity director at Ecclesiastical Insurance, said: “The move to remote working has presented technological challenges for all organisations, and this has created opportunities for cyber-criminals. Like everyone else, charities can be susceptible to fraud and cyber-crime.

“Our research has found that while some charities have taken steps to protect staff working from home, many are still not taking the threat of cyber fraud seriously. All charities, even those with relatively small reserves to call upon, can take simple steps to boost resilience to fraud and cybercrime.”

Sign up for more information



Organisation name*


Search Insights