Charities Experiencing Thousands Of Weekly Cyber Attacks

Experts predict that one in every six large charities will suffer a cyber attack during the next two years.

Nearly a quarter of charities believe cyber crime is a greater risk to the sector than any other sectors, according to the main findings of the largest survey ever undertaken into cyber crime in the UK charity sector.

The Charity Commission for England and Wales, together with the National Cyber Security Centre, are on a quest to help charities understand the risks by giving them the tools and action needed to combat the threat of cyber crime in the charity industry.

The report highlights the main findings from a cyber crime survey of registered charities in England and Wales during March 2019.  The Charity Commission, supported by the Fraud Advisory Panel, contacted a representative and randomly selected sample of 15,000 charities.

Charities across England and Wales spend nearly £80 billion of much needed funds every year. The sensitive financial and personal information they hold means that they are increasingly targeted by criminals.

Over half (58%) of charities think cyber crime is a major risk to the sector, which causes direct harm to the charity organisations themselves and beneficiaries.

The initial findings of the report were encouraging as charities are much more aware of the risk of cyber crime, especially larger charities but many small and medium charities are less aware of the risks but worryingly more at risk.

Trends in the industry mean that in the next two years one in every six large charities will suffer a cyber attack and many others will be victims without even knowing that they have been targeted.

Those charities who have been attacked by cyber crime seek to revise their IT security, training workshops or the security of their website rather than making changes before they’re affected in the first place.

Furthermore, a charity is four times more likely to discover cyber crime through their internal IT controls or concerned employees than all other external sources.

Astonishingly, The Charity Commission announced yesterday that 53% of charities who have been affected by fraud over the past two years knew the perpetrator.

The research found that over a third of the fraudsters were the charity’s own employees, while trustees and volunteers together were responsible for 28% of cases – and beneficiaries were accountable for 13% of frauds.

Even though there is no specific evidence to prove that charities are at greater risk of fraud or financial crime than other organisations, there is no denying cyber crime is a rapidly growing threat to the sector – costing the industry millions, potentially billions of pounds every year.

Charities should recognise the significant threat of cyber crime and understand the reputational damage and potential impact it can cause on them.

Although the research indicates charities are increasingly aware of the risk of fraud, findings reveal that charities are not always recognising security vulnerabilities within their organisation by failing to put in place basic checks.

Astonishingly, 34% think their organisation is not vulnerable to charity fraud, 85% of charities think they have put in every measure possible to prevent fraud from happening and nearly 50% do not have any protections in place at all.

Looking at the types of cyber attacks, 39% of charities think phishing and malicious emails are the greatest threats, followed by hacking/extortion (15%) – and over a third of charities also don’t know which type of cyber attacks they are most vulnerable to.

Helen Stephenson CBE, Chief Executive of the Charity Commission said: 

“We want to help charities maximise the positive impact they have in the lives of those they exist to serve, and in society as a whole. Preventing and tackling fraud against charities is a vital part of that.

“While the majority of those involved in charity are honest, passionate, and committed, charities can unfortunately be vulnerable to exploitation and abuse by those intent on personal gain. And when a charity does fall victim to fraud, more is lost than money. Fraud can have a hugely detrimental impact on morale in a charity, and on public trust.

“The good news is that it’s possible to disrupt and prevent fraud, if charities put basic measures in place. That starts with charities acknowledging that they’re vulnerable to abuse and being determined to prevent people taking advantage of their good name and the generosity of those who support their cause. We therefore applaud charities that are open about the steps they’re taking to identify and tackle fraud and call on all charities to put protective steps in place to keep their charity safe from harm. Zero tolerance of fraud is an important element of sound financial stewardship which is vital to public trust and confidence in charities.

“The steps we are recommending are simple because we know that smaller charities in particular don’t need or want lots of bureaucracy – just the tools they need to deliver as much benefit as possible.”

Matthew Lagden, CEO of The Institute of Legacy Management welcomes the report by saying

The Institute of Legacy Management is very pleased to see charities taking this issue seriously.”

“Charities receive £3bn each year from legacy income, which funds vital services across the country. The large sums of money involved, and the move away from paper based systems to electronic payments has opened up particular and new vulnerabilities, and we are encouraging our members to engage with and manage these risks.”

Full more details on the report click here.