A third of charities have suffered a cyber-attack during the coronavirus pandemic

Phishing attacks, where attackers attempt to obtain sensitive data by pretending to be a trustworthy source, have been the most common threat, affecting one in seven (15%) charities, followed by spear phishing (7%), malware (5%) and ransomware (3%). One in 20 charities (5%) said they had suffered an accidental data breach during the pandemic.

The findings come after the Charity Commission revealed on Monday that fraudsters have stolen over £3.5m from charities during the pandemic. The regulator says it received 645 reports of fraud and cybercrime between March and September.

The survey of 250 charities carried out by YouGov and released to coincide with Charity Fraud Awareness Week, found that the vast majority (95%) of charities are now working remotely. While 29% were already embracing remote working before the pandemic, two-thirds moved to remote working during the pandemic.

The transition to remote working has not been without its challenges though, with half of charities admitting to technological challenges while adapting to new ways of working. A third have been hampered by the lack of staff and volunteer skills, and a third have struggled to adapt in line with their culture.

Many charities have beefed up their cyber-security as a result of the shift to remote working caused by the pandemic, the specialist insurer found.

One in four (23%) said they had increased investment in security software, while 21% have provided additional advice or training for staff on how to stay safe working from home. Almost one in five (18%) have brought in external support to help improve cyber security for remote workers.

However almost half (45%) have not taken any steps at all to increase protection for staff working from home, prompting concerns that charities are not taking the threat of cyber fraud seriously.

Research carried out by Ecclesiastical earlier this year found that many charities were complacent about the risk of cyber-crime. While the majority of charities (81%) said they were ‘fully prepared’ to deal with a cyber-attack, the research found just half (52%) had a cyber security plan in place, while fewer had a specific cyber risk management plan (42%) or cyber insurance cover (42%).

In response to these issues, the insurer launched a cyber scenario planner for charities to help them assess and understand their cyber risks accurately. The planner is designed to help charities make informed decisions about security and identify where there are weaknesses or areas for further investment.

Angus Roy, charity director at Ecclesiastical Insurance, said: “The move to remote working has presented technological challenges for all organisations, and this has created opportunities for cyber-criminals. Like everyone else, charities can be susceptible to fraud and cyber-crime.

“Our research has found that while some charities have taken steps to protect staff working from home, many are still not taking the threat of cyber fraud seriously. All charities, even those with relatively small reserves to call upon, can take simple steps to boost resilience to fraud and cybercrime.”

Charity Fraud Awareness Week 2020 takes place 19-23 October.