More than a fifth of charities have suffered cyber breaches or attacks in the past 12 months, new government figures show.
The Cyber Security Breaches Survey 2019, based on research carried out by the Department for Digital, Culture, Media and Sport, the University of Portsmouth and the polling company Ipsos Mori, says that 22 per cent of charities had been targeted, a similar proportion to those that fell victim to cyber offences in the previous year.
Charities that suffered cyber breaches lost on average £9,470 a year, the survey found.
Of those charities targeted, 81 per cent said phishing attacks – in which fake emails and websites are used to gather personal information – were among the methods used.
Three-quarters of the 514 charities that took part in the study said cyber security was now a high priority for their senior management, compared with half of those polled last year.
The survey found that significantly more charities were training staff in cyber security, updating senior management on the issue, putting written cyber policies in place and taking action to identify cyber risks.
The introduction of the General Data Protection Regulation last year led to 36 per cent of charities making changes to their cyber security strategies, the survey found.
Sixty per cent of those that made changes after the GDPR created entirely new cyber security policies, researchers found.
There was also a 15 percentage-point increase in the proportion of charities putting cyber security policies in place, with 36 per cent of respondents to the survey having done so.
Half of charities also sought external guidance on the cyber security strategy, the survey found.
But only 6 per cent of charities said they had cyber insurance in place, despite the threat, and only three in 10 had board members with cyber security responsibilities.