A third of charities that were victims of cyber crime did not report it to anyone outside the charity, including the police, their bank or the Charity Commission, according to a report published today by the regulator.
The report, Preventing Charity Cybercrime, says only 29 per cent of respondents to a cyber crime survey reported crimes to the police, a quarter to their bank and 13 per cent to the Charity Commission.
Thirty-two per cent did not report the cyber crime to anyone outside the charity, the report found.
The findings are based on responses from about 3,300 charities to a survey on cyber crime sent out by the Charity Commission and the Fraud Advisory Panel.
The report says that 84 per cent of respondents said they would report cyber crime to the board.
More than two-thirds of charities that had been victims of cyber crime made changes to their IT, training or websites as a result, the report says.
The report adds that a third of charities did not know what types of cyber crime they were most vulnerable to.
Half of respondents said the board had overall responsibility for cyber security, and 15 per cent said no one at the charity did, with the rest nominating individual trustees, the chief executive, or IT or finance directors.
Researchers found that 58 per cent of charities thought cyber crime was a major risk to the charity sector, with 22 per cent believing charities were more at risk than other organisations.
They found that 3 per cent of charities had been victim to a successful cyber attack in the previous two years, but the report says that it is likely that many other attacks had gone undetected.
Phishing and malicious emails accounted for more than half of all cyber crimes, according to the report, followed by hacking and extortion, which made up almost a third of attacks.
"Large charities are more likely than smaller charities to be the victim of a cyber crime, with phishing/malicious emails the most common method of attack," the report says.
"The high volume of such attacks means that virtually any organisation can fall victim. Smaller charities remain a target."
The report says that charities should take steps to acknowledge the threat of cyber crime, clarify where responsibility for dealing with the issue lies and raise awareness internally of the threat.
It also suggests reporting successful cyber crimes to the board and external regulators, and adopting a proactive approach to preventing cyber crime.