Why are charities increasingly being attacked by cyber criminals? 

cybersecure charity using secured devices

More than a quarter of charities were reportedly the target of cybercrimes in the last year alone.

In 2021, 26% of charities experienced cybersecurity breaches, which is significant when compared to the 39% of total businesses that were affected. It is, therefore, vital to assess the growing risk of cyberattacks for the charity and nonprofit sector.

With limited awareness of both the risks and the best practices to help fight cybercrime, the number of charities attacked by cybercriminals every year will only continue to grow. So, why exactly are charities increasingly being attacked by cybercriminals and what steps can they take to protect themselves?

Main reasons for charity cybersecurity attacks

There are many reasons charities and nonprofit organisations are falling victim to cyberattacks, from unregulated device policies to supplier risks.

Use of personal devices

Where modern IT equipment can be lacking and office space is often minimal, personal devices including BYOD (bring your own device) policies are often prevalent throughout the charity sector. In fact, 67% of charities (compared to 47% of all businesses) report that their staff regularly use personal devices for work.

Personal devices use can create an opportunity for a cyber-attack because these are often unregulated devices that might lack security, such as regular patching. The National Cyber Security Centre has stated that various older versions of software, such as Windows 7, no longer receive security updates or patches. This will leave devices using this software far more vulnerable to future attack. If charity workers are running older versions of Windows on their personal devices, for example, then the organisation’s data is more likely to be in jeopardy.

BYOD also means that cybersecurity updates and monitoring are far less effective and are even less likely to be carried out. Without regular organisation-wide updates and vital monitoring of devices, charities are far more likely to fall victim to cybersecurity breaches.

The use of personal devices in the workplace has been propelled by the pandemic. With even more charity workers having to work remotely and spending more time working outside of an office, often due to lack of office space and remote working Covid-19 policies, workers are using less secure networks. Less security makes these organisations an even easier target for cybercriminals.

worker using secure ipad for charity work

Assessing supplier risk

According to the Official Statistics’ “Cyber Security Breaches Survey 2021”, 8% of charities do not risk assess their immediate suppliers and a mere 4% risk asses their wider supply chain.

If a charity allows third-party access to IT systems, for example, these suppliers are given an opportune moment to attack. By having the presumption that the immediate and wider supply chain are reliable and trustworthy, organisations are left exposed to cyberattacks.

Attitudes towards cybersecurity

Another reason charities are increasingly vulnerable to cyberattacks may be their attitudes towards cybersecurity itself. Whilst charities acknowledge the importance of cybersecurity, a significant 80% of charities believe that the pandemic hasn’t changed or affected their cybersecurity policies. This oversight may be a contributing factor to the increasing number of cyberattacks.

With the increased use of personal devices, stay-at-home policy and lack of funding caused by Covid-19, administering and monitoring cybersecurity measures has become increasingly difficult, or ignored altogether. With these additional challenges, the already strained resources for cybersecurity have presented charities with increasingly difficult circumstances to ensure they remain as protected as possible.

Cybersecurity responsibility

Ensuring that both organisations and employees are empowered by, and responsible for, their cybersecurity is vital. Only 38% of charities regularly update their board at least quarterly on their cybersecurity plan of action. Many organisations only update top level management, too, leaving many workers without the knowledge needed to protect them.

The more organisations can provide up-to-date knowledge and skills to their workforce on cybersecurity best practice, the greater their resilience to cybercrime. Cybersecurity training is a simple yet highly effective way to prepare charity workers to prevent, and to react to, cybercrime. Your ‘human firewall’, for example, is the biggest line of defence against cybercriminals and should be a high priority for any charity.

Cybersecurity in charity office (1)

The impact of Covid-19

Use of personal devices, assessing supplier risk, attitudes towards cybersecurity and cybersecurity responsibilities are all important factors to consider when assessing the increasing vulnerability of charities. These points cannot be addressed, however, without acknowledging the impact that Covid-19 has had on the working world.

This extremely challenging time for both businesses and charities alike has inadvertently created the perfect opportunity for cybercriminals to take advantage of more vulnerable industries. The distraction that the pandemic created served as a disguise for cyber criminals to remain hidden and carry out their attacks relatively unnoticed.

Yet, despite the virus undoubtably changing the world of work and the experiences of the wider UK workforce, four in five charities reported that the pandemic made ‘no change’ to how cybersecurity is being prioritised.

Need better cybersecurity to protect your charity?

ramsac offer reliable, adaptable, and high-quality IT support services for charities and nonprofit organisations. Not only is a support service available to give you peace of mind, but ramsac also offer cybersecurity training to better equip workers with the essential knowledge to protect themselves and their organisations.

Don’t delay – contact us today to see how we can help protect your charity.

Related Posts

  • The importance of cybersecurity contingency planning for businesses

    The importance of cybersecurity contingency planning for businesses

    Cybersecurity

    Protect your data from cybercriminals and minimise downtime with an effective cybersecurity contingency plan. Read on. [...]

    Read article

  • How to Spot a Scam HMRC Letter 

    How to Spot a Scam HMRC Letter 

    Cybersecurity

    Learn how to spot fraudulent communications, like fake HMRC letters, and take steps to protect your personal information and finances from scammers. [...]

    Read article

  • What is Data Loss Prevention (DLP)?

    What is Data Loss Prevention (DLP)?

    CybersecurityTechnical Blog

    Explore how Data Loss Prevention (DLP) strategies and tools protect sensitive data, ensure regulatory compliance, and mitigate risks from insider threats, enabling organisations to stay secure and resilient in [...]

    Read article

  • AI-Driven Threat Detection and Response

    AI-Driven Threat Detection and Response

    AICybersecurityTechnical Blog

    This blog explores how AI-driven cybersecurity is transforming threat detection and response with real-time, adaptive defenses against evolving cyber threats. [...]

    Read article

  • Why you should invest in Cybersecurity Consultancy

    Why you should invest in Cybersecurity Consultancy

    Cybersecurity

    n an increasingly complex cyber threat landscape, investing in cybersecurity consultancy is essential to protect your business from potential risks and ensure long-term resilience. [...]

    Read article

  • Everything you need to know about the transition to ISO 27001:2022 

    Everything you need to know about the transition to ISO 27001:2022 

    Cybersecurity

    This blog explains the essential steps and timeline for transitioning from ISO 27001:2013 to ISO 27001:2022, ensuring your organisation maintains its certification before the October 2025 deadline. [...]

    Read article

Quiz yourself

Are you more cyber savvy than an 11 year old?

11-14 year olds get asked these questions in school. Could you get these right?