By Shirley Greer, charity sales director at Scrutton Bland.
For many charities, one of the main outcomes of the last couple of years has been the technological advancements that have happened within their operations. With so many people working or isolating at home, volunteers and staff have been forced to become technologically self-sufficient and adapt to remote connection methods such as Teams and Zoom. Unfortunately, this change has also created new opportunities for cyber criminals to take advantage of our challenging situations, and this is evident in the increasing number of cyber attacks on charities.
How bad is the problem?
A government report earlier this year highlighted that UK cyber-attacks are becoming more frequent. Almost one in three businesses (31%) and a quarter of charities (26%) said they now experience breaches or attacks at least once a week. Charities may imagine that they aren’t on the radar of cyber attackers, but the evidence shows that they are just as vulnerable as other sectors.
It’s not just about the money
As well as the potential financial cost, lost earnings, and data, the reputational impact of a cyber incident can be severe to a charity. As a consequence, they may well need legal support, as well as help with managing the way the incident is managed through internal and external responses and reputational management.
Who is being targeted?
Cybercriminals are indiscriminate in their efforts to breach IT security measures, although any voluntary organisation which lacks basic levels of protection is an obvious target – and many small charities lack proper protection, which makes them very vulnerable. Added to that, it is unfortunately common for employees and volunteers to have little to no training in the identification and prevention of these scams.
What can charities do to protect themselves against cybercrime?
Firstly educate everyone in your organisation to spot suspicious emails:
- Examine the sender: Check that the recipient is real and that any URL directs you to a safe page. Often URLs prompting for login details are fake.
- Keep your password to yourself: It is extremely rare that your IT department (or anyone else) will ask for your password via email.
- Think before you click: Cyber criminals will try and prompt a fast response, so think twice before you click on any link.
- Report it: If you are uncertain about an email, report it. Your IT department should have protocols in place for detecting and deleting suspicious emails.
Secondly, consider cyber insurance. In 2021 the government reported that 79% of the cyber attacks on charities were phishing attacks, 23% were fraudsters impersonating a company to trick the charity into divulging information, and 17% were malware (including ransomware). None of these crimes is covered by a traditional insurance policy. There are many different options for cyber insurance, but almost all will help provide peace of mind by providing:
- Cover for the costs of dealing with data breaches and cyber liability claims
- Cover towards losses from a cyber event
- Cover that helps charities deal with the impact of cyber crime
- Cover for hardware and data corruption
- Access to expert advice and support (eg IT, legal, forensic and media relations) when an incident occurs
- Full claims support following an incident
While financial and data losses for charities and voluntary organisations may not often make the news headlines, the hidden costs and reputational impacts of a cyber incident can be severe. If you’d like to find out more about protecting your charity against the rising threats of cybercrime, get in touch with one of our insurance teams who can explain more. Our brokers have access to a range of insurers and can help you find the level of protection you need at a competitive price – and you could be protected in a matter of minutes.
