One in eight charities experienced cybercrime in the past year yet only around a quarter of charities have a formal policy in place for managing the risk, a survey shows.
Released ahead of this week’s Charity Fraud Awareness Week, the Charity Commission’s survey also reveals that only 55% of charities say cyber security is a fairly or very high priority.
With previous findings indicating that the pandemic had prompted increasing numbers of charities to move to digital fundraising and operating, the Charity Commission’s new survey explored their experiences of cyber-attack. It found that over half of charities (51%) held electronic records on their customers, while 37% enabled people to donate online. The most common types of attacks experienced were phishing and impersonation, both of which can put personal data at risk.
The survey, conducted by IFF Research this month. saw 2,330 charities in England and Wales respond. It also shows an under-reporting of incidents, with only a third (34%) of affected charities reporting breaches. The Commission says that it is important to tell it where there has been a serious incident, even where there may be no regulatory role, so it can identify trends and patterns and help prevent others from falling victim to fraud.
Steps that can be taken to protect against cyber harms include changing passwords regularly, using strong passwords and two factor authentication, updating training and policies, making back-ups of data using the cloud and making sure antivirus and all other software is patched to the latest version. Tools and resources to help charities reduce their vulnerability to these crimes will be available throughout Charity Fraud Awareness Week.
Charity Fraud Awareness Week runs from 17-21 October and is run by the Charity Commission and the Fraud Advisory Panel and a partnership of charities, NGOs, regulators, law enforcers, and other not-for-profit stakeholders. It raises awareness of fraud and cybercrime, and offers online events, talks and advice from anti-fraud experts to help nonprofits tackle the problem.
Amie McWilliam-Reynolds, Assistant Director Intelligence and Tasking, Charity Commission said:
“Online financial transactions, and online working generally, present a great opportunity for charities – whether in engaging supporters, raising funds, and streamlining their operations. This was demonstrated in particular during the pandemic, when the longer-term move away from cash to online fundraising accelerated. But online financial transactions and the collection and storage of personal data also harbour risk, and we are concerned that some charities may be underestimating that risk, and are therefore exposing their charity to potential fraud.
“Preventing and tackling fraud is not a ‘nice to have’. It is vital that every penny given to charity makes a positive difference, especially during these straitened times, when donors, charities, and those they support face mounting financial pressures.”