Baroness Pauline Neville-Jones, a former minister of state for security, has urged charity trustees to become well-informed about data security, as IT breaches involving donors or beneficiaries’ details could lead to loss of trust and legal implications.

Speaking at the Charity Finance Leadership Forum this week, the Baroness, who was also previously a government special representative to business on cyber-security, said that reputational damage was considerable when a trusted organisation was careless with the information of others.

She also said:“It is the law and the responsibility of trustees to be aware about who is giving and in what direction the money is going. This also applies to the cyber world.”

She advised that it was essential that trustees and charities knew what “normal” looked like for an IT system:

“There are organisations with sophisticated systems who don’t’ know what ‘normal’ looks like,” she said. “So they don’t know what an anomaly will look like and can rack up several losses and not know for months.”

She said that trustees should develop a risk assessment on the security of cyber systems.