Just over a quarter (26%) of charities said they had experienced a cyber breach in the last year, according to an annual report.
The Cyber Security Breaches Survey, published by the Department for Digital, Culture, Media and Sport last week, shows that while the percentage of charities reporting cyber breaches had remained stable, there was an increase in those charities using online donations and services.
Larger charities were more likely to say they had experienced a breach. Half of all high-income charities (£500,000 or more), and 68% of those with very high incomes (£5m or more) recorded breaches or attacks.
Nearly 80% of breaches involved phishing attacks, 23% involved others impersonating the charity’s emails, and 16% involved viruses, spyware or ransomware.
Other less common types of breaches included unauthorised listening into video conferencing, taking over the charity’s accounts and hacking bank accounts.
Of those charities that reported breaches, one in five said that they experienced an issue once a week. 18% of charities affected said that they end up losing money data or other assets.
Donations and services
Nearly 500 charities were involved in the survey this year. 45% allow online donations and 39% have services beneficiaries can access online.
More charities are using online donations and services compared to 2019, when 24% of charities provided an ability for people to donate online and 29% allowed people to access services online.
The report suggests: “This could indicate an increase in organisations moving their business or services online during the Covid-19 pandemic, when face-to-face dealings have become more restricted.”
Two-thirds of charities say that staff regularly use their personal devices for work, compared to less than half for businesses.
Some 17% of charities said that they were using an old, unsupported, version of Windows. This was slightly lower than businesses.
Overall one-third of charities have a trustee who is responsible for cyber security.
Just under half (45%) said that they had sought advice from outside their organisation about cyber security issues.
Impact of Covid-19
Four-in-five charities said that the pandemic had made no change to how cyber security was prioritised.
The report says this was down to organisations already believing that the issue was given a high priority or because they did not believe the pandemic had increased cyber risks.
However the report cautions: “Under the pandemic, organisations are perhaps less aware of the breaches and attacks they are facing.”
It adds: “A key finding in the qualitative research is that direct monitoring has become more difficult in organisations where staff are working remotely – it is harder for organisations to know if staff are following the agreed policies and processes.”