Two prominent high-street names have been in the headlines the past few weeks as victims of a sophisticated cyberattack.
As well as sustaining major disruption to their business and the availability of goods, both the Co-op and Marks and Spencer have revealed that some customer details were accessed as part of the attack – although they stress no card details or passwords appear to have been lost in the data breach.
And these well-known names are not alone. A recent report by Pentara, a cybersecurity firm, found that 67% of the enterprises that it surveyed in the United States, Germany, France, and the United Kingdom reported a breach in the past 24 months. Of these, 6% reported a “significant impact” following a breach, 36% reported unplanned downtime, 30% cited data exposure and 28% experienced financial loss.
This is just one of many such findings which highlight the dangers of cybercrime – and it is not just for-profit businesses that will be targeted by cybercriminals. Charities must be alert to the threat of attack too. There have been some prominent examples of attacks in the charity sector in recent years too.
For example, in October 2023, the British Library was the victim of a cyberattack, which led to it having to close many of its services. In November 2023, the attackers released some of the charity’s data onto the dark web, including some personal user information.
Of course, while it is important to take steps to try to limit the chances of any attack and reduce its impact, if one does happen, how an organisation responds is also important. On this front, the British Library has recently been praised by the Information Commissioner’s Office (ICO), for a cyber incident review it published in March 2024 to share lessons learned from the breach.
It said: “We commend the British Library for being open and transparent about its system vulnerabilities that contributed to the incident, the impact it has had, and the improvements made so far to protect people’s personal information.”
It added that it had provided the charity with guidance but had decided that “further investigation would not be the most effective use of our resources”.
If your charity has still not done everything it can to protect itself from cyber criminals, see pages 16-24 for some excellent information and advice.
Tristan Blythe is editor of Charity Finance
Related articles