
Charities battle seismic shift in cybercrime

Author: ICAEW Insights

Published: 19 Mar 2021

Charities are being exposed to greater cyber risks than ever before as a result of the pandemic, at a time when dwindling income and huge demand for their services mean many may be taking their eyes off the cybersecurity ball.

Charities need to focus on practical and proportionate prevention, with strong detection and response measures in place and good governance and oversight of how risks are managed, Sayer Vincent urges. “Charities need to ensure sufficient resource is made available. There also needs to be more awareness-raising within organisations to counter the people risk factors and clear accountability to ensure continuous improvement.”

In July, the Charity Commission confirmed that it had received 33 serious incident reports from UK charities, including Crisis and mental health charity YoungMinds, informing the regulator that they had been affected by a ransomware attack on Blackbaud, one of the largest providers of fundraising, financial management and supporter management software to the UK charity sector.

Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, told ICAEW Insights: “With security protections in place. By familiarising themselves with our guidance and following the practical steps, charities of all sizes can significantly reduce their chances of falling victim to cybercriminals.”

Kristina Kopic, ICAEW Head of Charities, said engendering the right culture was critical to preventing cybercrime or dealing with it effectively. “Support your staff, raise awareness of the risks and have a culture where people feel free to ask questions and report.”

Kopic warned that unless charities tackled cybercrime head-on, they were exposing themselves to both financial and reputational risks, which could have an impact on future donations. “Make the trustee board aware of the internal controls in place, including how often you back up, how often you install updates and what your plan is. Understand what systems are being used for home working and who’s responsible for them.” 
