UK Charities at risk from Cyber Crime

Charities need to be just as vigilant as a business

Many charities, particularly smaller ones, do not realise the value of their personal, financial, commercial and other data, according to a report by the National Cyber Security Centre (NCSC). Charities typically do not perceive themselves as targets, but cyber criminals have realised that they hold lots of data which can make them vulnerable to attack. In light of the new EU data protection laws, the NCSC has issued new cyber security guidance to small charities encouraging them to try and improve their cyber security. According to the NCSC threat assessment, the culture of openness makes small charities more vulnerable to cyber fraud and extortion, with many falling victim to various attacks with potentially devastating consequences. There are almost 200,000 charities registered in the UK, and the threat assessment reveals how cybercriminals are targeting their funds, supporter details and information on beneficiaries. The guidance for small charities outlines easy and low-cost steps to protect from attacks, including advice on backing up data, using strong passwords, protecting against malware, keeping devices safe and avoiding phishing attacks. The report reassures people that investment in cyber security may not be as expensive or time-consuming as they think and prove cheaper than repairing the damage after a cyber-attack. “Cyber-attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat” Alison Whitney, director for engagement at the NCSC. One example details how a UK charity lost £13,000 after its CEO’s email account was hijacked to send a fraudulent message instructing their financial manager to release the funds, commonly known as business email compromise, CEO fraud, or whaling. The scale of cyber-attacks against charities is unclear due to under-reporting, so charities are being urged to report such crimes to Action Fraud and the Charity Commission via You can also report by calling 0300 123 2040 Monday to Friday 8 am - 8 pm

Exchanging threat information

Helen Stephenson, chief executive of the Charity Commission for England and Wales, said charities play a vital role in our society and so the diversion of charitable funds or assets through cybercrime is particularly damaging and shocking. “Unfortunately, charities are not immune to fraud and cybercrime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust”. Stuart Etherington, CEO of the National Council of Voluntary Organisations (NCVO) said awareness and knowledge about cyber security continue to differ among charities, but all charities must protect the data they hold from cybercrime.

Making use of digital technology

The UK government has also indicated that it is fully committed to defending against cyber threats and addressing the cyber skills gap to develop and grow talent. Its behavioural change campaign for cyber security, Cyber Aware, promotes simple measures to stay more secure online.

Top 5 cyber security areas for small charities

The article includes advice to help charities protect themselves from the most common cyber-attack, the top five topics are:
  1. Backing up your data
  2. Preventing malware damage
  3. Using passwords to protect your data
  4. Keeping your smartphones safe
  5. Avoiding phishing attacks
To read the full article click here for the pdf download ‘Cyber security – a small charity guide’

Further info

If you would like help to improve your cyber security, don’t hesitate to get in touch. Call 01482 210999 or email