Major increase in cyber-attacks on charities, survey finds

The survey asked 500 senior decision makers at UK-based charities whether they had experienced cyber-attacks, what the effect of those attacks were and if they had any measures in place to protect their charity from would-be attackers.

Two in five charities (41%) experienced a cyber-attack in the last 12 months, a 13% increase on the previous year (28%). Research published in March 2021 by Department for Digital, Culture, Media and Sport (DCMS) similarly found that a quarter (26%) of voluntary sector organisations had reported such activity over the previous year.

Worryingly, almost a third (30%) of victims said they had experienced five or more attacks or breaches during the last year.

Phishing (39%), Malware (30%) and Denial of Service attacks (29%) were the most common forms of cyber-attack experienced by charities – again showing an increase on the previous year, where Phishing accounted for just 15%.

Over a third (37%) of charities said that they had experienced a loss of data as a result of one of those attacks with 31% of those having received fines as a result of data breaches. Just last week the International Committee of the Red Cross (ICRC) confirmed it had been a victim of an attack in which personal data and confidential information on 515,000 vulnerable individuals was stolen from a third party.

The survey also found that charity leaders felt moving to home working had exposed them to a higher risk of cyber-attack (39%). The government restrictions on home working, brought in on 13 December, were last week announced to be ending from 27 January.

There is some positivity though, with over three quarters (78%) of charities saying they feel fully prepared to deal with a cyber-attack.

Three out of five charities (60%) have a cyber-security plan in place, an 8% increase since 2020 (52%) with a further 28% saying they are developing one.

Over half (54%) responded to say that they have a cyber-risk management plan and over two fifths (43%) have a cyber-insurance policy while a further quarter (25%) are working towards taking one out.

Faith Kitchen, customer segment director at Ecclesiastical, said: “The last 12 months have been incredibly challenging for large parts of the charity sector – increased demand, decreasing budgets and restrictions changing how they work creating a perfect storm for many.

“Against such a challenging backdrop it is encouraging to see that charities are investing in cyber security measures to help tackle the increasing threat of a cyber-attack.

“The increase in attacks over the last year shows there is still more to be done to help protect charities from being a victim of cyber-crime. Ecclesiastical has produced risk management guidance to support charities with this, and we’d encourage them to speak with their broker about how our policies can provide further protection and to reduce the threat to their organisation.”

View Ecclesiastical’s cyber security advice.

* Ecclesiastical Insurance Charity Barometer 2020