What cyber certification can do for charities

Cyber security is an essential part of charity operations, protecting the data of donors and beneficiaries, preventing loss of funds and disruption to services, as well as reputational damage. 

Around a third of charities say they have experienced some form of cyber security breach or attack in the last 12 months. For larger charities (those with an income over £500,000), that percentage rises to 66%. Charities are, simply put, a tempting prospect for cyber criminals,  

Encouragingly, around three quarters of charities (74%) rate their cyber security skills as “fair” or “excellent”, according to the 2024 Charity Digital Skill report. This means that the vast majority of organisations are taking cyber security seriously, while a fifth who say they have poor cyber security or do not engage with it at all have significant room for improvement. 

Becoming cyber accredited with the Cyber Essentials certification scheme can help both of these parties enhance their cyber security. Those that already have robust measures in place but are not yet cyber accredited are missing out on the opportunity to certify their protocols, to communicate to their audiences that they have taken action to protect their data and funds. Charities who are working to improve their cyber security will benefit from a helpful framework to work towards, a guideline that ensures they are putting the right measures in place. 

At its simplest, the Cyber Essentials scheme helps charities ensure that their cyber security is up-to-date with the latest protocols to prevent a cyber attack. It covers five core controls which together reduce the risks of a cyber breach and certify that a charity has taken proper measures to protect itself. IT services provider Wanstor, a certification body for Cyber Essentials’ delivery body IASME, recommends Cyber Essentials as the “baseline for forming a robust cyber security strategy”, and can be particularly effective for charities who are looking to improve their cyber security on a budget. 

“While they may not be able to spend as much on security, a Cyber Essentials certification can be a cost effective way for charities to start forming their cybersecurity strategy,” explains Wanstor. “It can become the first line of defence, helping them protect themselves against some of the most common cyber-attacks. The certification will help safeguard their sensitive data and maintain the trust of their donors and beneficiaries.” 

As October is Cyber Awareness Month, IASME is currently running a charity-specific discount on Cyber Essentials for all who sign up between October 1st and 31st. Charities can sign up for the discount via their chosen certification body, such as Wanstor – you can find full instructions here.  

You can also find out more about Cyber Essentials and how Wanstor can help with their handy guide below. 

Download the guide

The benefits of Cyber Essentials for charities 

Cyber Essentials helps charities take cybersecurity seriously and gives donors and beneficiaries the confidence that their chosen charity is operating responsibly when it comes to their funds and data. 

Research has shown that the charity sector lags behind the private sector in areas of cyber security, with just 26% of charities undertaking cyber security risk assessments compared to 72% of large businesses. Likewise, only 23% of charities deployed security monitoring tools, while more than double the percentage of large businesses said the same.  Fewer than half of high-income charities have a formal cyber security strategy in place, compared to two thirds of large businesses.  

This is where Cyber Essentials can help the most. Cyber Essentials provides charities with a framework to address their vulnerabilities effectively and strengthening their operations against the most common cyber attacks. The five core controls – Firewalls, Secure configuration, Security update management, User access control, and Malware protection – give charities a guide to ensure they are focusing their cyber security efforts efficiently, with the right plans in place should a cyber criminal target them.  

“Cyber certifications provide proof that your organisation meets the required compliance in line with a specific standard such as Cyber Essentials or ISO27001 and has successfully passed the audit and can reassure stakeholders, donors and beneficiaries about the safety of their data,” explains Vlad Birgauanu, Head of Cybersecurity at Wanstor and an IASME-certified Cyber Essentials and Cyber Essentials Plus assessor. 

Furthermore, it is not just donors and beneficiaries whose confidence is boosted by the Cyber Essentials certification. A Cyber Essentials certification is an essential factor in winning contracts with local governments and public sector bodies, as well as demonstrating due diligence for grant funders. Cyber Essentials can boost a charity’s reputation, making it more attractive for donors and anyone looking to invest in your cause and services. 

Wanstor’s guide summarises the benefits of Cyber Essentials neatly:  

How Wanstor can help? 

Wanstor takes a ‘defence in depth’ approach to cybersecurity. As a Certification body for IASME, Wanstor aims to help organisations improve their cyber security maturity in line with the latest recommendations, backed by Cyber Essentials and the National Cyber Security Centre.