Take part in the 2025 Charity Shops Survey!

Now in its 34th year, the survey provides detailed benchmark data, giving you a better understanding of the charity retail sector. Deadline for submissions is 4th July.

Take part and find out more

Tristan Blythe: Safety first

02 Jun 2025 Voices

A safety first sign

Adobe Stock / gustavofrazao

Two prominent high-street names have been in the headlines the past few weeks as victims of a sophisticated cyberattack.

As well as sustaining major disruption to their business and the availability of goods, both the Co-op and Marks and Spencer have revealed that some customer details were accessed as part of the attack – although they stress no card details or passwords appear to have been lost in the data breach.

And these well-known names are not alone. A recent report by Pentara, a cybersecurity firm, found that 67% of the enterprises that it surveyed in the United States, Germany, France, and the United Kingdom reported a breach in the past 24 months. Of these, 6% reported a “significant impact” following a breach, 36% reported unplanned downtime, 30% cited data exposure and 28% experienced financial loss.

This is just one of many such findings which highlight the dangers of cybercrime – and it is not just for-profit businesses that will be targeted by cybercriminals. Charities must be alert to the threat of attack too. There have been some prominent examples of attacks in the charity sector in recent years too.

For example, in October 2023, the British Library was the victim of a cyberattack, which led to it having to close many of its services. In November 2023, the attackers released some of the charity’s data onto the dark web, including some personal user information.

Of course, while it is important to take steps to try to limit the chances of any attack and reduce its impact, if one does happen, how an organisation responds is also important. On this front, the British Library has recently been praised by the Information Commissioner’s Office (ICO), for a cyber incident review it published in March 2024 to share lessons learned from the breach.

It said: “We commend the British Library for being open and transparent about its system vulnerabilities that contributed to the incident, the impact it has had, and the improvements made so far to protect people’s personal information.”

It added that it had provided the charity with guidance but had decided that “further investigation would not be the most effective use of our resources”.

If your charity has still not done everything it can to protect itself from cyber criminals, see pages 16-24 for some excellent information and advice.

Tristan Blythe is editor of Charity Finance  

Charity Finance is packed with practical articles and analysis of the latest financial trends, as well as in-depth briefings on technical and legal changes, and benchmarking surveys to help busy finance teams get value for money. Find more information here and subscribe today!

 

More on