Even before COVID-19 reared its hideous head and forced charities and businesses alike online, cybercrime was a problem. Alarmingly, the government’s Cyber Security Breaches Survey 2020 found that over a quarter of charities identified a cybersecurity breach over the course of the year.
Also sobering is the fact that although the 2020 report does not identify a figure, the 2019 report put the average annual cost to charities suffering data or asset loss through cybercrime at £9,470. That’s a heavy hit to anyone’s finances, but especially in these straitened times.
Since the pandemic sent most people out of the office to work from home, all kinds of transactions have been executed remotely instead. With organised events off the agenda, fundraising has moved largely online too.
And that’s presented a golden opportunity for hackers. They’ve been able not only to exploit people’s laxer home office security protocols, but also to prey on their COVID fears.
People searching for coronavirus information have fallen victim to bogus sites that infect their systems with malware. It’s a serious enough problem for the UK’s National Cyber Security Centre to publish a list of coronavirus-related cyber threats.
Clear and present cyber danger
So, all the figures point to cybercrime being an increasing problem for everyone, charities included. The very existence of a National Cyber Security Centre (NCSC), set up in October 2016 as part of GCHQ, shows how seriously the government takes the threat.
So seriously, in fact, that it has put together a cybersecurity guide specifically aimed at smaller charities.
GCHQ says its research reveals many small charities don’t see themselves as a target for cybercriminals. It suggests the problem lies partly with their culture of trust, which lulls them into a false sense of security.
Add to that an underlying lack of digital awareness, and the curse of limited resources to invest in and monitor cybersecurity, and you’ve got the perfect environment for hackers to thrive in, and for small charities to come off worse.
But make no mistake. The fact you’re a charity doing good things means nothing to a cybercriminal. They’re solely focused on converting things like phishing emails and data breaches into hard cash – and they’re really not picky about who they prey on.
In fact, you could argue that being a charity makes you even more of a target. Personal info is like gold dust to cybercriminals. And they’re well aware that charities store data and financial details for their supporters, beneficiaries and volunteers.
If that digital data is then stolen and used by criminals for identity theft and fraud, it can unleash claims for compensation from everyone affected. That means lawyers, legal fees and pay-outs, so never a cheap exercise.
It can also put you in trouble with the regulator and spark an investigation if they suspect you haven’t done all you should to protect the data under GDPR. Not forgetting that a data breach can put a big dent in your charity’s reputation. And that can have a knock-on effect on donations.
Cyber-attacks can be devastating in other ways too. Your data or network might be held to ransom for a sum that will empty your bank account. Your website might be taken down. Or your systems could be infected with malware, meaning you can’t operate.
Protect and survive
All these are good reasons why it’s important to prevent cyber-attacks in the first place if possible. Prevention is better than cure, after all. It’s also why the GCHQ guide is focused on helping charities wake up to the reality of cybercrime.
The guide spells out five key steps small charities can take to boost their chances of avoiding or at least surviving an attack:
- Back up data
- Protect against malware
- Make remote devices like laptops secure
- Use strong passwords
- Be alert to phishing.
All sound advice, of course. But the reality is, even if you do everything you’re advised to, hackers are devilishly devious. They’re usually one step ahead of the game, and sometimes even your best efforts won’t be enough to ward them off.
How charity cyber insurance can help
Even if you can’t always prevent an attack, you can at least do the next best thing and be ready for one. That means having a plan to start dealing with the fallout straightaway and get back on your feet again quickly.
The trouble is, that fallout might include repairing your systems, resurrecting your website, paying ransoms or fielding compensation claims. It might also mean an investigation by the regulator or dealing with the fact your treasurer has fallen for a phishing email and transferred thousands of pounds to a bogus account.
Not so straightforward then. And a good reason for charities to think about having charity cyber insurance as back-up. Because while it can’t stop you from being a victim of cybercrime, it can stop you being the sort of victim that never recovers.
That’s because charity cyber insurance provides the financial clout and expertise you need to get back up and running fast. It pays to fix systems, restore data and deal with investigations. On top of that, it covers ransoms, legal costs, compensation, and lost revenue. It also provides vital crisis PR.
Two ways to beat cybercrime
If GCHQ is worried about charities providing easy pickings for cybercriminals, you should be too. It’s a sure sign that it’s time to do something about it.
Implementing the cyber-attack prevention strategies outlined in the GCHQ guide is a good place to start. Cyber insurance is perhaps the best place to finish.
And it seems like charities are already busy protecting themselves. 31% of the not-for-profits that fed back to the 2020 Cyber Security Breaches Survey confirmed they currently have charity cyber insurance in place.
Click on the link to find out more about charity insurance including cyber insurance. Or call the team on 0345 222 5391 if you'd prefer to talk.
And if you'd like to read about what other insurance your charity might need, it's all explained in our simple guide.