This website uses cookies for anonymised analytics and for account authentication. See our privacy and cookies policies for more information.





The voice of Scotland’s vibrant voluntary sector

Published by Scottish Council for Voluntary Organisations

TFN is published by the Scottish Council for Voluntary Organisations, Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh, EH3 6BB. The Scottish Council for Voluntary Organisations (SCVO) is a Scottish Charitable Incorporated Organisation. Registration number SC003558.

Charities complacent over cyber crime

This news post is about 4 years old
 

Only half of organisations have an adequate plan in place to deal with a cyber breach

Charities are too complacent about the risk of cyber-crime, an insurer has warned.

Research carried out by Ecclesiastical Insurance found the majority of charities (81%) believe they are fully prepared to deal with a cyber-attack. Good service from an IT provider (48%) is the main reason for charities feeling secure, while clear protocols and procedures is cited by 17%.

But many charities don’t have adequate systems in place to prevent a cyber breach, the insurer warned. The research found just half (52%) have a cyber security plan in place, while fewer have a specific cyber risk management plan (42%) or cyber insurance (42%) in case the worst happens.

Attacks on charities have been steadily rising in recent years and a third of respondents believe the risk of a cyber-attack has increased in the past year, rising to 40% among larger charities.

While investment in cyber security has increased in the past year, particularly in larger charities (58%), many charities aren’t doing enough to protect themselves, said Angus Roy, charity director at Ecclesiastical.

“Many charities still don’t see themselves being at risk of cyber-crime, or if they do, they think they can transfer the risk to their IT provider. The fact is that charities are an increasingly attractive target to cyber-criminals and if they are victims of a cyber incident, it will be them and not the IT provider that has to deal with the reputational fallout.

“It’s also worth remembering that while IT providers can implement security measures and controls, it’s not a total solution. Cyber-crime is multi-faceted and can often involve a human factor, so charities need to ensure they have a cyber security plan and appropriate control mechanisms in place.”

The survey of 200 charity leaders also found two-thirds (65%) that have cyber insurance don’t know what it covers.

Roy said: “Charities are buying cyber insurance as a tick box exercise without really understanding how it can help them.

“As a specialist insurer, we want to help charities understand and mitigate their risks so they can continue to operate successfully.”