Survey reveals charities’ biggest concerns in event of a cyberattack
New report highlights the need for trustees to do more to protect against cyber threats
With a new Charity Commission report highlighting the need to raise awareness among trustees about the importance of protecting their charity against cyber-attacks, a survey has revealed what charities think would be the biggest impact of an attack.
The recent poll of 101 charities by Ecclesiastical, who insure more than 45,000 charities, found that 77% of larger charities feel that damage to individual reputations would be the biggest impact, second only to the cost of breaching data regulations.
More than half of all the charities surveyed said that damage to individual reputations would be the biggest impact on their charity following a cyber-attack, but the concern was much higher up the list for charities with a turnover over £1.5m (full results below).
David Britton, charity director at Ecclesiastical, said: “With many charities exploring alternative fundraising methods, including embracing digital, there’s no doubt that charities, and particularly their trustees, are facing and taking more risks.
“This increased appetite for embracing operational risks in a bid to mitigate financial risks, coupled with increasing cyber threats and new regulation such as the General Data Protection Regulation (GDPR), means it is more important than ever for charity trustees to manage risk effectively and protect their organisation’s best interests when making big decisions.”
This view echoes one of the major findings of the new trusteeship report published by the Charity Commission this week, which states:
“There is a clear case for further promotion of awareness of the need for trustees to take adequate measures to protect their organisations against fraud and particularly against cyber-attacks.”
David added: “It’s not just the financial cost of putting things right that needs to be considered; the damage to the reputation of the charity and the individuals that run it can be just as serious in the longer term.
“Good overall governance is, of course, the most important factor in managing financial and reputational risks but in terms of cyber, it’s worth backing up your business continuity plan with cyber insurance cover.
“This can help by providing charities with access to cyber experts and other professionals to help them deal with the financial and reputational fall-out of an attack, including notifying the people affected by a data breach, which can involve significant resource.
“Third sector organisations can also consider insuring against personal liabilities so that trustees can feel more confident in making big decisions in times of change.”
In the poll, a fifth of the largest charities also said that the threat of a cyber-attack is acting as a barrier to exploring a change in business model.
Biggest impacts on charities from a cyber-attack
Charities with a turnover over £1.5million:
- Cost of breaching data regulations/breaking laws/fines 81%
- = Damage to individual reputations 77% / Loss of data 77%
- Cost of putting things right 69%
Charities with a turnover of £500,000 to £1.5million:
- Loss of data 76%
- Cost of putting things right 65%
- Your charity having to stop services temporarily 63%
Charities with a turnover less than £500,000
- Loss of data 80%
- Cost of putting things right 52%
- = Cost of breaching data regulations/breaking laws/fines 44% / Your charity having to stop services temporarily 44%
Overall charity results:
- Loss of data 77%
- Cost of putting things right 63%
- Cost of breaching data regulations/breaking laws/fines 62%