Charities have seen an increase in cyber crime in the past 12 months, the Charity Commission reports.
Ahead of a major awareness campaign, the non-ministerial department said 12% of UK charities had reported experience of cyber crime.
One in eight charities told the Charity Commission their organisation had experienced an incident in the past 12 months, phishing and impersonation being the top two methods cyber criminals have used to commit fraud against charities.
Over half (51%) of charities hold electronic customer records, with 37% accepting online donations. The digitisation of charities, especially during the Covid-19 pandemic, has led to them holding significant levels of personal data, the Commission found.
However, the research also found that only 24% of responding charities had a formal policy in place to manage cyber security risk, and only 55% of charities said cybersecurity was a high priority within the organisation. Just one third (34%) had reported a breach.
“It’s important that charities get in touch with the commission where there has been a serious incident, even where there may be no regulatory role for the commission. This helps the regulator to identify trends and patterns and help prevent others from falling victim to fraud,” the Commission said in a statement.
“Online financial transactions and the collection and storage of personal data also harbour risk, and we are concerned that some charities may be underestimating that risk and are therefore exposing their charity to potential fraud,” said Amie McWilliam-Reynolds, Charity Commission assistant director intelligence and tasking.
The findings were published as part of the Charity Fraud Awareness Week. “
We hope that projects like Charity Fraud Awareness Week help raise awareness among trustees and charity staff of the risks they may face and of the advice and guidance available to support them in protecting their charity from fraud,” McWilliam-Reynolds said.
The commission said charities need to take simple steps to protect themselves, including changing passwords regularly, using strong passwords and two-factor authentication, updating training and policies, making back-ups of data using the cloud and making sure antivirus and all other software is patched to the latest version.
“Preventing and tackling fraud is not a ‘nice to have’. It is vital that every penny given to charity makes a positive difference, especially during these straitened times, when donors, charities, and those they support face mounting financial pressures,” said McWilliam-Reynolds.
UKAuthority recently held a two-day online event with digital decision makers and leaders from across the public on how to strengthen cyber defences. On-demand videos of all sessions and speaker slides from Resilience & Cyber4Good 2022 can be found here