Charities prone to cyber attack says report

Cyber attack

​Lack of skills, understanding and expertise means charities are vulnerable when it comes to IT security 

23rd August 2017 by Robert Armour 0 Comments

A UK government report says charities lack skills and understanding about cyber security leaving them prone to cyber attack.

The Department for Digital, Culture, Media and Sport today published a report, Cyber Security Among Charities, as part of its National Cyber Security Strategy. 

Basic awareness was lacking especially among smaller charities a situation that was being exacerbated by a lack of infrastructure support and learning, the report found.

The government department commissioned Ipsos Mori to carry out 30 in-depth interviews with a range of charities that identified a number of barriers including a lack of skilled trustees. 

“Responsibility for cyber security internally was often held by someone with a different core role, or with multiple responsibilities, such as chief executives or finance staff,” the report said. 

“Competing demands on time and resources – with greater focus often given to areas such as fundraising and delivery – meant that cyber security was often deprioritised and could lack investment.”

Matt Hancock, minister for digital, said he was committed to working with the Charity Commission to produce more tailored guidance. 

“Recent attacks have shown the devastating effects of not getting our approach to cyber security right,” he said. 

“Charities must do better to protect the sensitive data they hold and I encourage them to access a tailored programme of support we are developing alongside the Charity Commission and the National Cyber Security Centre.”

Helen Stephenson, chief executive of the Charity Commission, said: “Charities have lots of competing priorities but the potential damage of a cyber-attack is too serious to ignore. It can result in the loss of funds or sensitive data, affect a charity’s ability to help those in need, and damage its precious reputation.

"Charities need to do more to educate their staff about this threat and ensure they dedicate enough time and resources to improving cyber security."