Charities are victims of cyber attacks

More than a quarter of charities have fallen victim to a cyber-attack over the last year, official figures have revealed.

The Department for Digital, Culture, Media and Sport (DDCMS)’s Cyber Breaches Survey for 2021 found that 26% of charities have reported either a cybersecurity breach or attack over the last 12 months.

More than a quarter of charities have fallen victim to a cyber-attack over the last year, official figures have revealed.

The Department for Digital, Culture, Media and Sport (DDCMS)’s Cyber Breaches Survey for 2021 found that 26% of charities have reported either a cybersecurity breach or attack over the last 12 months.

Larger charities, which conduct more of their business online, are more likely to fall victim to cyber-criminals. Attacks being reported by 51% of high-income charities.

Among charities attacked, around a quarter experienced a breach or attack at least once a week. The most common are phishing attacks, which are experienced by more than three-quarters of charities affected by cybercrime. Other less common types of breaches included unauthorised listening into video conferencing, taking over the charity’s accounts and hacking bank accounts.

In around a fifth of cases, charities end up losing money, data or other assets. Four in ten charities report being negatively impacted regardless of data or money being lost. This may be because they require new post-breach measures or have to divert staff time to deal with any disruption, says the DDCMS.

The Covid-19 health crisis has stretched many charities’ cybersecurity resources, with more transactions made online and an increased number of staff working remotely, adds the DDCMS. A secure online platform for payments and remote working is essential.

However, only 70% of charities claim that cybersecurity is a “high priority” for their trustees. Only a quarter of charities have cybersecurity policies in place that cover the growth of home working among organisations during the Covid-19 pandemic. A similar proportion have policies that cover the use of personal devices for work.

Some 17% of charities said that they were using an old, unsupported, version of Windows. This was slightly lower than businesses. Overall one-third of charities have a trustee who is responsible for cybersecurity.

“Under the pandemic, organisations are perhaps less aware of the breaches and attacks they are facing,” says the DDCMS.

“Upgrading hardware, software and systems has also become more difficult.

“With staff working at home, there are more endpoints for organisations to keep track of.

“In this environment, we have seen falls in the proportions of businesses and charities taking more basic actions like updating their anti-malware across devices and setting up network firewalls.”

Sign up for more information


Search Insights