The UK’s National Cyber Security Centre (NCSC) has issued new guidance for charities designed to bolster their cybersecurity in the face of mounting threats.
The document, Cyber Threat Report: UK Charity Sector, outlines the main threats to the sector and explains how organizations can enhance their cyber-resilience.
With a combined income of £100bn, the country’s 200,000 charities boast around six million volunteers and full-time employees. Around a third (30%) of them recorded a cyber-attack or breach over the past 12 months, according to a 2022 government report.
The NCSC warned that charities are exposed to the same threats as most commercial organizations – ransomware, business email compromise, phishing and scam websites. However, they may be particularly vulnerable to attack given their high reliance on BYOD, large number of volunteers, minimal insurance coverage and limited funds to spend on cyber, it claimed.
Charities face not only direct cyber-attacks but also fraudsters masquerading as them, who can divert vital funds donated by members of the public.
“More charities are now offering online services and fundraising online, meaning reliable, trusted digital services are more important than ever. During the Ukraine crisis, we saw more criminals taking advantage of the generosity of the public, masquerading as charities for their own financial gain,” said NCSC CEO, Lindy Cameron.
Helen Stephenson, CEO of the Charity Commission for England and Wales, argued that cybersecurity is no longer an optional extra for the sector but a critical part of good governance.
“Charities play a crucial role in our society and in every community – they save lives, and they provide many of the services that make life worth living. All charities ultimately rely on public trust and continued public generosity,” she added.
“So the impact of any cyber-attack on a charity can therefore be devastating, not just for the organization and those who rely on its services, but also in undermining public confidence and support.”
The NCSC made several recommendations in its report, urging charities to:
- Read the report’s specially crafted guidance for the sector
- Use its staff training resources to improve employee cyber-awareness
- Use the NCSC’s Active Cyber Defence services for enhanced resilience
- Ensure the charity’s board understands its responsibilities regarding cybersecurity
- Use Cyber Essentials to enhance best practice security – charities can now benefit from 20 free hours of support to implement its technical measures