More than half (58 percent) of charities think cyber-crime is a major risk to the charity sector, according to new research into the fraud and cyber-crime risks facing charities.
The research, commissioned by the charity regulator, the Charity Commission and in partnership with the Fraud Advisory Panel, said that almost a quarter (22 percent) believe cyber-crime is a greater risk to the charity sector than other sectors.
Larger charities are generally more likely to appreciate the risk of cyber-crime and take action to prevent it.
In a report, charities see phishing and malicious emails as the greatest cyber-threat (39 percent), followed by hacking/extortion (15 percent) and Distributed Denial of Service (DDoS) attacks (two percent).
Over a third (36 percent) of charities don’t know which type of cyber-attacks they’re most vulnerable to. And nearly half of charities state that the Board has overall responsibility for cyber-security, whilst 15 percent state nobody has responsibility. For the remainder, nominated trustees, chief executives, or IT and finance directors have this responsibility.
Helen Stephenson, chief executive of the Charity Commission, said that charities, like other organisations, rely increasingly on digital technology to deliver on their purposes.
"It is therefore vital that charities take reasonable steps to strengthen their systems against those intent on causing harm. Protecting a charity in this area is not just about systems or financial assets, but also about people: charities hold sensitive data on beneficiaries, staff and volunteers, and have a responsibility to keep that data safe," she said.
Alongside the findings of the surveys, the Commission is launching a new pledge designed to help charities protect themselves. It is encouraging charities to adopt ‘Tackling Charity Fraud - Eight Guiding Principles’, a collective mission statement which the Commission has developed in partnership with the Fraud Advisory Panel.
In related news, the release of the annual Crime Statistics in England and Wales last week revealed a decline in computer misuse and computer virus offences.
While computer viruses fell by 27 percent in the last year (to 442,000 offences), incidents involving unauthorised access to personal information (including hacking) did not change significantly (535,000 offences).
Mike Fenton, CEO at Redscan, told SC Media UK that there were flaws in reporting cyber-crime and other statistics suggested that the ONS figures may be wrong.
"On the same day that the ONS claims there were 977,000 computer misuse incidents in the UK last year, media sources are reporting the existence of botnets capable of sending 30,000 extortion emails per hour. That’s 720,000 incidents per day from just one source, of which there are thousands. Something doesn’t add up," he said.
"The fact that the statistics include just 20,000 offences reported against businesses to the NFIB by Action Fraud also shows that the data is deeply flawed," he added.
"Until the reporting of computer misuse crime improves, data like this should be taken with a large pinch of salt. The fight against cyber-threats is a key issue that businesses need to prioritise and misleading headlines don’t do anyone any favours."