THIRD SECTOR PROMOTION

How bad can cyber crime really get: cyber fraud #1

Third Sector Promotion Markel

In the first of a series, we investigate the risks to charities from having flawed cyber security - and why we need to up our game...

The charity sector is becoming increasingly vulnerable to cyber fraud.

Government figures from April 2019 show that 22% of charities reported having a cyber attack or breach over the previous year.

Cyber incidents can have a serious impact on any organisation with inadequate security measures and, despite this, there is still a perception that charities do not face the same levels of risk as commercial entities.

In a sector that relies on the generosity of others, it is easy to believe that everyone would act in your best interests.

The reality is that most fraudsters do not care whether your mission is saving animals or pleasing shareholders.

According to the National Cyber Security Centre (NCSC): "The majority of cyber attacks are untargeted and opportunistic in nature, with the attacker hoping to take advantage of a weakness or vulnerability in a system, without any regard for who that system belongs to."

"As you’d expect, financial gain is often the main motivation for cyber criminals," says Liam Greene, professional and management risks manager at Markel UK. "Like any other criminal activity, there are ways around security – particularly in smaller organisations using unsecure IT systems."

For some cyber criminals, charities are an attractive target. The sector’s revenues – totalling £50.6bn in 2016-17, according to the figures from the National Council for Voluntary Organisations (NCVO) – present a significant source of income. Fraudsters are also interested in getting hold of the vast amounts of sensitive and personal information that charities keep on people who have gifted money.

Inside out

But security threats do not always come from an external source. Analysis by the Charity Commission in 2016 found that around a third of a sample of frauds in the sector were insider jobs.

While these types of incidents can include accounting fraud, information theft and inflated expenses, cyber risks are often created unintentionally from internal sources including data sharing and storage, homeworking and social media.

Regardless of where the risk originates, a breach can have long lasting reputational damage on an organisation. Media coverage of a badly handled attack could discourage people from donating if they think their data may be compromised.

"The result of a cyber attack or breach is not just the theft itself, but also the efforts needed to contain and recover. This means the added time and costs of handling the ICO, IT forensics, system damage and downtime, as well as the negative PR that can arise from a data breach," Greene explained.

Other hackers can have a more direct impact on your public standing by sabotaging messaging on your website and marketing materials to push their own agendas.

Cyber attacks that disrupt computer systems could interrupt your daily activities or affect your ability to perform core services.
You may have to divert vital resources to recover or rebuild any data affected by these incidents. And in some cases information lost in a breach will not be recoverable.

GDPRrrrgh!?

Your organisation could also face regulatory penalties for cyber or data breaches. Under GDPR, the Information Commissioner’s Office can issue fines of up to £18 million (€20 million) or 4 percent of global turnover, whichever value is higher, for data breaches.

When these penalties are factored in with legal costs and IT security costs, a cyber incident can significantly drain your finances.

And the combined impact of operational, financial and reputational damage could ultimately force you to reassess your future development plans.
But with a solid online security strategy your organisation should be able to protect itself against data breaches and remain focused on its charitable objectives.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register
Already registered?
Sign in

Expert Articles: Risk Management

Advice on risk from Markel, a specialist insurance company working with charities, community groups, trustees, social enterprises and care providers.

What to do in the case of a breach: cyber fraud #2

What to do in the case of a breach: cyber fraud #2

Promotion from Markel

In the second part of our series, we look at how to respond to a breach.

How bad can cyber crime really get: cyber fraud #1

How bad can cyber crime really get: cyber fraud #1

Promotion from Markel

In the first of a series, we investigate the risks to charities from having flawed cyber security - and why we need to up our game...

Managing cyber risk in the third sector

Managing cyber risk in the third sector

Promotion from Markel

Cyber risks should be high on the risk management agenda of third sector organisations as incidents hit the headlines and burden small organisations with increasing frequency.

Charity property: could you be entitled to a huge VAT saving?

Charity property: could you be entitled to a huge VAT saving?

Promotion from Markel

When a property is being constructed, VAT is charged at the standard rate. But if you're a charity, health body, educational institution, housing association or finance house, the work may well fall into a category that justifies zero-rating - and you could make a massive saving

Guide to insuring charity premises

Guide to insuring charity premises

Promotion from Markel

Repairing or replacing damaged property can come at great cost to a charity so it's important to ensure you have the correct insurance cover in place. This article explains what you need to consider when insuring your premises

Guide to employing and insuring volunteers

Guide to employing and insuring volunteers

Promotion from Markel

Volunteers play an important part in most charities but without the right practice in place things can go wrong. This article looks at what a charity should consider when employing volunteers.

Third Sector Awards interview: The Children's Sleep Charity

Third Sector Awards interview: The Children's Sleep Charity

Promotion from Markel

At the 2018 Third Sector Awards, specialist insurer Markel had the opportunity to speak to charities about their approach to risk management.

Third Sector Logo

Get our bulletins. Read more articles. Join a growing community of Third Sector professionals

Register now