More than a quarter of charities faced cyber attacks last year, government figures show

Figures from the Department for Digital, Culture, Media and Sport indicate that 26 per cent of voluntary sector organisations had a cyber-breach or attack in 2020

More than a quarter of charities have suffered cyber security breaches or attacks in the past 12 months, new figures show. 

The Cyber Security Breaches Survey 2021, published by the Department for Digital, Culture, Media and Sport, found that 26 per cent of the almost 500 voluntary sector organisations surveyed had reported such activity over the previous year. 

The report shows that while charities generally compare favourably with businesses – 39 per cent of which said they had suffered cyber security breaches or attacks – the number rises to 51 per cent among charities with annual incomes of £500,000 or more. 

A quarter of those organisations that had suffered attacks said they had to deal with them on a weekly basis. 

The most common type of cyber attack for charities was phishing, identified by 79 per cent of respondents, which often involves trying to con recipients into giving away personal details or passwords. 

That was followed some way behind by impersonation attacks, suffered by 23 per cent of respondents, where emails are sent out impersonating the charity. 

Among the charities that identify breaches or attacks, the survey, which took place between October and January, found that 18 per cent ended up losing money, data or other assets

And even if money, data or assets were not lost, four in 10 charities are still negatively affected for reasons such as requiring new, post-breach measures or having staff time diverted to deal with the problem, the report found. 

The fallout of such attacks was highlighted last year when more than 100 UK charities reported being caught up in the Blackbaud cyber attack, which targeted commonly used financial software

While the DCMS report makes it clear that cyber security is still a major issue for many charities, the proportions experiencing negative effects of breaches or attacks in 2021 are significantly lower than in 2019 and preceding years. 

This is not because attacks are any less frequent, the report says, but it could be due to more organisations implementing basic cyber-security measures following the introduction of the General Data Protection Regulation in 2018.

Cyber security is also higher on the agenda of trustees, researchers found; 68 per cent of charities said it was a high priority for them, compared with 53 per cent who said the same in a previous study in 2018.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in
RSS Feed

Third Sector Insight

Sponsored webcasts, surveys and expert reports from Third Sector partners