More than a quarter of charities have suffered cyber security breaches or attacks in the past 12 months, new figures show.
The Cyber Security Breaches Survey 2021, published by the Department for Digital, Culture, Media and Sport, found that 26 per cent of the almost 500 voluntary sector organisations surveyed had reported such activity over the previous year.
The report shows that while charities generally compare favourably with businesses – 39 per cent of which said they had suffered cyber security breaches or attacks – the number rises to 51 per cent among charities with annual incomes of £500,000 or more.
A quarter of those organisations that had suffered attacks said they had to deal with them on a weekly basis.
The most common type of cyber attack for charities was phishing, identified by 79 per cent of respondents, which often involves trying to con recipients into giving away personal details or passwords.
That was followed some way behind by impersonation attacks, suffered by 23 per cent of respondents, where emails are sent out impersonating the charity.
Among the charities that identify breaches or attacks, the survey, which took place between October and January, found that 18 per cent ended up losing money, data or other assets.
And even if money, data or assets were not lost, four in 10 charities are still negatively affected for reasons such as requiring new, post-breach measures or having staff time diverted to deal with the problem, the report found.
The fallout of such attacks was highlighted last year when more than 100 UK charities reported being caught up in the Blackbaud cyber attack, which targeted commonly used financial software.
While the DCMS report makes it clear that cyber security is still a major issue for many charities, the proportions experiencing negative effects of breaches or attacks in 2021 are significantly lower than in 2019 and preceding years.
This is not because attacks are any less frequent, the report says, but it could be due to more organisations implementing basic cyber-security measures following the introduction of the General Data Protection Regulation in 2018.
Cyber security is also higher on the agenda of trustees, researchers found; 68 per cent of charities said it was a high priority for them, compared with 53 per cent who said the same in a previous study in 2018.