Smaller charities are more vulnerable to cybercrime because they are more likely to have older trustees with lower awareness of the problem, the Charity Commission has warned.
The Commission has today published a report, Preventing Charity Cybercrime: Insight and Action. It says the link between age and cyber-ability means that smaller charities could be more vulnerable than equivalent organisations in the private or public sectors.
Nearly half of the 3,300 charities surveyed in partnership with the Fraud Advisory Panel said their board had overall responsibility for cybersecurity.
Meanwhile, nearly 500 charities said that no one was responsible for cybercrime at their organisation.
The Commission’s advice is that charities should clarify who is responsible for their cybercrime risks and make it a governance priority for the board.
One in six large charities will be victims of cybercrime
The report predicts that one in six large charities will be victims of cybercrime in the next two years. It emphasises that many charities will fall victim to cyberattacks without ever realising it.
It adds that 3 per cent of charities are known to have suffered a successful cyberattack in the past two years.
The report also says charities are four times more likely to discover cybercrime through internal IT controls or from staff raising concerns than by all other external sources combined.
Just under one quarter (23 per cent) of attacks were discovered by accident.
More than a third (36 per cent) of respondents did not know which types of cyberattack their charity was most vulnerable to.
The most common types of cyberattacks across charities were found to be phishing or malicious emails and hacking or extortion.
Less than a third report cybercrime to police
Less than a third of charities were found to be reporting cybercrimes to the police, while a quarter reported the crime to their bank.
32 per cent did not report the cybercrime to anyone outside their organisation.
Over a third of charities that had suffered a cybercrime said it had no impact on the organisation.
Of charities that suffered negative consequences from an attack, 19 per cent reported financial loss and 15 per cent reported loss of data.