Even before COVID-19 reared its hideous head and forced charities and businesses alike online, cybercrime was a problem. Alarmingly, the government’s Cyber Security Breaches Survey 2023 found that over a quarter of charities identified a cybersecurity breach over the course of the year.
Also sobering is the 2023 report put the average annual cost of cybercrime for UK businesses, including charities, at around £15,300. That’s a heavy hit to anyone’s finances.
As many charities continue to save costs by encouraging their employees to work from home, a lot of transactions continue to be executed remotely. Online fundraising is also still very important for loads of charities.
And that’s presented a golden opportunity for hackers. They’ve been able to exploit people’s laxer home office security protocols.
Not to mention that some forms of cyber hygiene, like password policies and use of network firewalls, have fallen since 2021. This opens up more avenues for cybercriminals to exploit charities.
Clear and present cyber danger
So, all the figures point to cybercrime being an increasing problem for everyone, charities included. The very existence of a National Cyber Security Centre (NCSC), set up in October 2016 as part of GCHQ, shows how seriously the government takes the threat.
So seriously, in fact, that it has put together a cybersecurity guide specifically aimed at smaller charities.
GCHQ says its research reveals many small charities don’t see themselves as a target for cybercriminals. It suggests the problem lies partly with their culture of trust, which lulls them into a false sense of security.
Add to that an underlying lack of digital awareness, and the curse of limited resources to invest in and monitor cybersecurity, and you’ve got the perfect environment for hackers to thrive in. Also, for small charities to come off worse.
Fair game
But make no mistake. The fact you’re a charity doing good things means nothing to a cybercriminal. They’re solely focused on converting things like phishing emails and data breaches into hard cash – and they’re really not picky about who they prey on.
In fact, you could argue that being a charity makes you even more of a target. Personal info is like gold dust to cybercriminals. And they’re well aware that charities store data and financial details for their supporters, beneficiaries and volunteers.
If that digital data is then stolen and used by criminals for identity theft and fraud, it can unleash claims for compensation from everyone affected. That means lawyers, legal fees and pay-outs, so never a cheap exercise.
It can also put you in trouble with the regulator and spark an investigation if they suspect you haven’t done all you should to protect the data under GDPR. Not forgetting that a data breach can put a big dent in your charity’s reputation. And that can have a knock-on effect on donations.
Cyber-attacks can be devastating in other ways too. Your data or network might be held to ransom for a sum that will empty your bank account. Your website might be taken down. Or your systems could be infected with malware, meaning you can’t operate.
Protect and survive
All these are good reasons why it’s important to prevent cyber-attacks in the first place if possible. Prevention is better than cure, after all. It’s also why the GCHQ guide is focused on helping charities wake up to the reality of cybercrime.
The guide spells out five key steps small charities can take to boost their chances of avoiding or at least surviving an attack:
- Back up data
- Protect against malware
- Make remote devices like laptops secure
- Use strong passwords
- Be alert to phishing.
All sound advice, of course. But the reality is, even if you do everything you’re advised to, hackers are devilishly devious. They’re usually one step ahead of the game, and sometimes even your best efforts won’t be enough to ward them off.
How charity cyber insurance can help
Even if you can’t always prevent an attack, you can at least do the next best thing and be ready for one. That means having a plan to start dealing with the fallout straightaway and get back on your feet again quickly.
The trouble is, that fallout might include repairing your systems, resurrecting your website, paying ransoms or fielding compensation claims. It might also mean an investigation by the regulator or dealing with the fact your treasurer has fallen for a phishing email and transferred £thousands to a bogus account.
Not so straightforward then. And a good reason for charities to think about having charity cyber insurance as back-up. Because while it can’t stop you from being a victim of cybercrime, it can stop you being the sort of victim that never recovers.
That’s because charity cyber insurance provides the financial clout and expertise you need to get back up and running fast. It pays to fix systems, restore data and deal with investigations. On top of that, it covers ransoms, legal costs, compensation, and lost revenue. It also provides vital crisis PR.
Two ways to beat cybercrime
If GCHQ is worried about charities providing easy pickings for cybercriminals, you should be too. It’s a sure sign that it’s time to do something about it.
Implementing the cyber-attack prevention strategies outlined in the GCHQ guide is a good place to start. Cyber insurance is perhaps the best place to finish.
And it seems like charities are already busy protecting themselves. 33% of the not-for-profits that fed back to the 2023 Cyber Security Breaches Survey confirmed they currently have charity cyber insurance in place.
Click on the link to find out more about charity cyber insurance. Or call the team on 0345 222 5391 if you'd prefer to talk.
And if you'd like to read about what other insurance your charity might need, it's all explained in our simple guide.
Image used under license from Shutterstock.
charity insurancecyber liability insurancemanaging riskrunning a business