The National Cyber Security Centre (NCSC), which is part of GCHQ, has published an assessment of the threat to charities and a guide to help the sector minimise the risks.
In its assessment of the charity sector, the NCSC said there is “considerable variation in charities’ understanding, approach to and application of" cybercrime.
“Some charities are aware their data is sensitive, valuable and vulnerable to malicious cyber activity,” the report concluded. “We believe many, particularly smaller charities, do not realise this and do not perceive themselves as targets.“
It found that some charities had fallen victim to malicious cyber activity but that under-reporting meant the “the scale of this activity is unclear”.
In one example a charity lost £13,000 after its chief executive’s email was hacked.
“Incidents may not be reported externally for fear of reputational and/or financial consequences, or through uncertainty of how and where to register the offence,” it said.
NCSC has now published a free guide for small charities to help them understand the types of attack that they might be vulnerable to and how to protect themselves.
Writing in the foreword to the Small Charity Guide, NCSC chief executive Ciaran Martin said: “I am extremely proud to present this cyber security guide for charities, who are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity.
“The National Cyber Security Centre aims to make the UK the safest place to live and work online.
“We are committed to supporting the charity sector and we encourage you all to implement the quick and easy steps outlined in this guide.”
Helen Stephenson, chief executive of the Charity Commission for England and Wales, said: “Charities play a vital role in our society and so the diversion of charitable funds or assets via cyber-crime for criminal purposes or personal gain is particularly damaging and shocking.
“The threat assessment confirms what we often see in our casework - unfortunately charities are not immune to fraud and cyber-crime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust.
“We fully endorse the National Cyber Security Centre’s guide on cyber security for charities. This will be a valuable resource to help charities protect their work, beneficiaries, funds and reputations from harm and we encourage charities of all sizes to make use of it.”