One in eight charities were victims of a cyber attack last year, according to data released by the Charity Commission.
The survey, conducted by IFF Research and published last week, found that 12% have experienced cybercrime over the past 12 months.
The Commission has warned that an increase in the number of charities moving to digital fundraising and operating since the pandemic risks “exposing them to the risk of cybercrime”.
Quarter of charities have a formal policy to manage risks
IFF Research surveyed 2,330 charities this month in England and Wales. It found that just over 24% of these have a formal policy in place to manage cyber security risks.
Over half (55%) of the respondents described cyber security as a “fairly or very high priority”.
Some 51% said they have electronic records on their customers while 37% have allowed people to make online donations.
The Commission said that “a greater digital footprint increases a charity’s vulnerability”.
It added: “The most common types of attacks experienced were phishing and impersonation (where others impersonate the organisation in emails or online). For both attacks personal data is often at risk.”
The survey also revealed an under-reporting of cyber-related incidents, with only a third of affected charities reporting breaches when they happen.
Preventing and tackling fraud is not a ‘nice to have’
Amie McWilliam-Reynolds, assistant director intelligence and tasking at the Commission, said that preventing and tackling fraud was essential.
“It’s vital that every penny given to charity makes a positive difference, especially during these straitened times, when donors, charities, and those they support face mounting financial pressures,” she said.
“Online financial transactions, and online working generally, present a great opportunity for charities – whether in engaging supporters, raising funds, and streamlining their operations. This was demonstrated in particular during the pandemic, when the longer-term move away from cash to online fundraising accelerated.
“But online financial transactions and the collection and storage of personal data also harbour risk, and we’re concerned that some charities may be underestimating that risk, and are therefore exposing their charity to potential fraud.”
David Green from the Fraud Advisory Panel said: “Fraud is the UK’s most commonly experienced crime and much of it is committed online. Therefore, it is essential that charities take the security of their systems, information, people and money seriously. Simple cyber security measures can make a big difference which is why we’ve collaborated with UK police forces to offer a series of free cyber-security focussed events during this year’s awareness week.”
Charity Fraud Awareness Week runs from 17 to 21 October.