We have updated OSCR Online - click here for more information on how to submit your annual return

Why are charities at risk?

Published: 12/11/2020
Updated: 12/11/2020

Charities hold funds, personal, financial and commercial data

  • Funds and data have a financial value to a cyber-criminal, whether to use to try and attack another person or to sell on to other criminal entities.
  • In holding funds and data, often with low levels of security protecting it; charities become an easy target to cyber criminals and attackers.
  • While most small charities will not hold a lot of funds, cyber attackers approach most things with a cost vs benefit analysis. If they can get a quick win and get say £1,000 from a poorly protected organisation it’s probably still worth their while. If you put in place the simple, sensible controls, it will add a layer of protection that could be the difference between you being an attractive target or one that is too time/cost consuming to be worthwhile to criminals.

Potentially a route into a ‘bigger fish’ such as a local authority or corporation

  • Many charities, through commissioned services, or grants from local authorities, are now fulfilling roles which were previously done by government, local authorities or larger companies. It is likely that to carry out these roles, the charity will need to share systems with the ‘bigger fish’ and a cyber attacker could use the charity as a route in; causing significant damage along the way.

Low levels of awareness, particularly amongst smaller charities

  • The NCSC’s assessment conducted in late 2017 found that there were low levels of awareness, particularly amongst smaller charities who do not perceive themselves as a target; or even holding anything of value to an attacker.

Culture of trust

  • To be able to achieve their goals, charities have to be open, transparent and trusting of beneficiaries and the public. For example, it is not uncommon for someone to call or email a charity and offer to give them money, no strings attached. This would never happen in a business, because everything is a commodity; which means that charities, by their very nature are potentially open to having their trust exploited by criminals.