One in five charities suffered a cyber security breach or attack in the last 12 months, according to a government survey.
DCMS’ Cyber Security Breaches Survey 2018 found that 19 per cent of the 555 charities that responded had suffered a cyber breach or attack in the past year, compared to 43 per cent of businesses.
Some 62 per cent of charities with an income over £500,000 experienced a breach or attack, compared to 34 per cent of charities with an income of £100,000 to £500,000 and 13 per cent of charities with an income of below 13 per cent.
The average cost of each cyber security breach was £1,460 for charities over £500,000, while it was £309 for charities between £100,000 and £500,000.
The most common breaches or attacks were via fraudulent emails - for example, attempting to coax staff into revealing passwords or financial information, or opening dangerous attachments - followed by instances of cyber criminals impersonating the organisation online, then malware and viruses.
The survey found 21 per cent of charity respondents have a formal cyber security policy, compared to 27 per cent of businesses.
It also found 53 per cent of charities rated cyber security as a high priority for their organisation, compared to 74 per cent of businesses.
The survey suggests that smaller charities are not as well prepared to defend themselves against cyber security breaches as larger organisations.
Some 54 per cent of respondents from charities with incomes below £100,000 said they had sufficient staff capacity to manage cyber security, compared to 66 per cent of charities with incomes between £100,000 and £500,000, and 77 per cent of charities with incomes of £500,000.
Digital minister Margot James said: “These new figures show many organisations need to act now to make sure the personal data they hold is safe and secure.
“We are investing £1.9 billion to protect the nation from cyber threats and I would urge organisations to make the most of the free help and guidance available for organisations from the Information Commissioner’s Office and the National Cyber Security Centre (NCSC).”
Ciaran Martin, chief executive of the NCSC, said: “Cyber attacks can inflict serious commercial damage and reputational harm, but most campaigns are not highly sophisticated.
“Companies can significantly reduce their chances of falling victim by following simple cyber security steps to remove basic weaknesses. Our advice has been set out in an easy-to-understand manner in the NCSC’s small charities and business guides.”
Information Commissioner, Elizabeth Denham, said: “With the new data protection law, the General Data Protection Regulation (GDPR) taking effect in just a few weeks, it’s more important than ever that organisations focus on cyber-security.”