Over a quarter of charities reported cyber attacks in 2019, according to the government's latest annual survey.
The Cyber Security Breaches Survey, published by the Department for Digital, Culture, Media and Sport, found that 26% of charities experienced a cyber security breach or attack in the last 12 months.
More reports of cyber breaches
The findings show an increase in the number of incidents at charities. In 2018 19% said they had experienced a breach and in 2019 it was 22%.
The report suggested that this may mean that more charities are being targeted, but it could also mean that they are better at identifying breaches than before.
A fifth of charities affected by cyber attacks reported that it happened at least once a week.
The report found that higher income charities were more likely to be affected by cyber attackers. It found that 57% of charities with incomes of more than £500,000 a year were affected by cyber attacks or breaches in the 12 months before the survey took place.
High income charities are also more likely to say that cyber security is a high priority, with 94% saying so as opposed to 74% of charities overall.
Cyber security becomes a high priority
The proportion of organisations viewing cyber security as a high priority has risen over time for both businesses and charities. For charities, there was a particularly steep rise between the 2018 and 2019 surveys, which is “likely to have been driven by the introduction of GDPR in early 2018”.
Charities are more likely to see cyber security as a high priority in 2020, as board engagement has increased over time. Three-quarters of charities say this about their senior management (74%), up from 53% in 2018.
Four in ten charities update their senior management on cyber security at least quarterly.
Charities are nonetheless less likely than businesses to have security controls on electronic devices or to restrict access to their own devices. Use of personal devices has historically been much more common in the charity sector.