Security by Sector: Charity Workers Least Likely to Receive Email Security Training

Written by

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?

Email security issues are a problem for all industries, but some new research from Tessian recently revealed that the charity sector is particularly at risk with charity workers the least likely to receive regular email security training.

The company surveyed 1000 UK employees and whilst it highlighted problems with the regularity and effectiveness of email security training across various industries, the findings relating to the charity sector were eye-opening.

Nearly two in five (37%) charity workers polled said they have not had any training on email security, with just 11% stating that they receive such training regularly.

These findings are pretty concerning, especially given the fact that, according to a report from the Department of Culture, Media and Sport (DCMS), one in five charities fell victim to a cybersecurity breach in 2018, with 81% of attacks resulting from a fraudulent email. The National Cyber Security Centre issued a warning and a security guidance document to the charity sector last year, saying it is “absolutely not immune” to attacks. 

The charity sector is one that processes not only large amounts of (potentially very sensitive) data, but also huge sums of money, so the fact that Tessian found it to be the industry with the highest percentage of employees not trained against email cyber-threats – ahead of social, care, teaching and education, transport and logistics, and engineering and manufacturing – is a worry.

Tim Sadler, CEO at Tessian, said: “When you consider the wealth of certain charities and how much valuable donor data they hold, such as the personal data and payment information of high net-worth individuals, it is little wonder why hackers target this sector.

“Through sophisticated phishing attacks, criminals can not only cause significant financial damage but they can also erode public trust in the charity and potentially expose donors’ private interests. With so much at stake, and as phishing attacks grow in frequency and severity, charities need a more proactive approach to email security training.”

What’s hot on Infosecurity Magazine?