Charities 'must do more on cyber security', government warns

Report finds some charities consider cyber security more of an issue for businesses than voluntary sector organisations

Charities must do more to protect the data they hold against the risk of a cyber attack, the government and the Charity Commission have warned.

A report published today by the Department for Digital, Culture, Media and Sport highlights a need for basic awareness raising of cyber-security issues among charity staff and trustees.

The report, commissioned by the DCMS, is based on in-depth interviews carried out by the research company Ipsos Mori with representatives from 30 charities from a range of income levels.

It says that while some charities considered it important they kept up-to-date about cyber threats, others considered it more of an issue for businesses than charities.

Researchers found that charities interviewed did not typically have internal specialist staff with technical skills to cover cyber security.

Responsibility for cyber security was often held by someone with a different core role or with multiple responsibilities, the report says.

"Competing demands on time and resources – with greater focus often given to areas such as fundraising and delivery – meant that cyber security was often deprioritised and could lack investment," it says.

It was uncommon to find charities that had provided cyber-security training to any of their staff or volunteers, the report says.

"As a result, there was often a reliance on outsourced IT providers, as well as informal sources of support such as friends, family or other local charities," it says.

The report on charities has been published as part of a wider "cyber health check" issued by the government today, which found that 10 per cent of FTSE 350 companies operated without a response plan for a cyber incident.

Helen Stephenson, chief executive of the Charity Commission, said charities must do more to educate their staff about the risk of a cyber attack.

"Charities have lots of competing priorities but the potential damage of a cyber-attack is too serious to ignore," she said.

"It can result in the loss of funds or sensitive data, affect a charity’s ability to help those in need, and damage its precious reputation."

Stephenson encouraged charities to follow advice on the Charities Against Fraud website, which was launched last year by the Charity Sector Counter-Fraud Group, a group of umbrella bodies, charities and fraud experts established to prevent and detect financial crime against the voluntary sector.

Matt Hancock, the digital minister, said: "We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right."

He said charities "must do better to protect the sensitive data they hold" and called on them to access a forthcoming tailored programme of support the government was developing with the Charity Commission and the National Cyber Security Centre.

 - Read Third Sector's series of special reports on cyber security here 

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in