Cyber Security Among Charities
The Department for Digital, Culture, Media and Sport published a report as part of its National Cyber Security Strategy. This found that charities lack skills and understanding about cyber security, and it is assumed that the issues are less relevant for charities than companies.
This is considered to be more of a risk for smaller charities, for a number of reasons. Cyber security is thought to be the responsibility of one nominated official, and with demands on time and resources, this can be deprioritised. Smaller charities are more likely to focus their resources on fundraising and delivery.
In addition, it is suggested smaller charities may have older trustees, who may lack IT skills and find it hard to engage in cyber security discussions. With no one to champion the issue, it can over time become neglected.
The charity sector has a cultural emphasis on costs, so some charities may find it hard to justify spend on cyber security, especially if they are not well versed in its potential implications.
The government has committed to working with the Charity Commission to produce tailored guidance for charities, and the Charity Commission urges that charities take advice from the Charities Against Fraud website, to protect against loss of funds, sensitive data, and reputational damage.
As previously mentioned in past editions of eNews, our firm has a cyber risk diagnostic tool called Rizikon, which is available for clients that have concerns in this area.