Getting started with Bluesky for charities

Almost a third of charities experienced a cyber breach or attack in last 12 months, survey finds

Melanie May | 12 April 2024 | News

Around a third of charities (32%) have experienced some form of cyber security breach or attack in the last 12 months, according to government data. This is much higher for high-income charities with £500,000 or more in annual income (66%).

The Cyber Security Breaches Survey questioned 2,000 UK businesses, 1,004 UK registered charities and 430 education institutions between 7 September 2023 to 19 January 2024. It found that for both charities and businesses, the most common type of breach or attack was phishing: experienced by 83% of charities. This was followed by others impersonating organisations in emails or online (37% of charities) and viruses or other malware (14%).

Among those identifying any breaches or attacks, the government estimates that the single most disruptive breach from the last 12 months cost charities approximately £460.

Advertisement

Great Fundraising Organizations, by Alan Clayton. Buy now.

In comparison, half of businesses (50%) have experienced some form of attack or breach in the last 12 months, and the cost is estimated to be much higher for the single most disruptive breach from the last 12 months. This is estimated to have cost each business, of any size, an average of approximately £1,205. For medium and large businesses, this was approximately £10,830.

Taking action

The government advises that charities and businesses protect themselves through “cyber hygiene” measures, and says that a majority of both have a broad range of these measures in place. The most common are updated malware protection, password policies, cloud back-ups, restricted admin rights and network firewalls – each administered by around half of charities or more.

Businesses, it found, are more likely than charities to take actions to identify cyber risks. 26% of charities have undertaken cyber security risk assessments in the last year, compared to 31% of businesses.

In addition:

The survey also found that only 19% of charities have formal incident response plans, rising to 50% of high-income charities, and that external reporting of breaches remains uncommon. Among those identifying breaches or attacks, 37% of charities reported their most disruptive breach outside their organisation.

Cybercrime and fraud

The survey also included questions on cybercrime and cyber-facilitated fraud. An estimated 14% of charities have experienced cybercrime in the last 12 months, rising to 37% of high-income charities.

94% of charities that experienced cybercrime experienced phishing, while the least commonly identified types of cybercrime were ransomware and denial of service attacks (2% or less of charities who experienced cybercrime in each case). Just 1% of charities have been victims of fraud as a result of cybercrime.

It estimates that UK charities have experienced approximately 924,000 cybercrimes of all types in the last 12 months, compared to its estimate of 7.78 million cybercrimes of all types and approximately 116,000 non-phishing cybercrimes in the last 12 months for businesses.

The full survey can be read on .Gov.uk.

Loading

Mastodon