Early findings from our State of Cyber Security survey

Cyber security is a hot topic for charities at the moment. The pandemic has put strain on already limited resources and cyber criminals have taken advantage.

 

According to the Department for Digital, Culture, Media and Sport, more than a quarter of charities faced a security breach in 2020, including 51% of high-income charities.

 

Earlier in 2021, the National Cyber Security Centre (the UK Government’s cyber security agency) conducted a survey, in collaboration with Charity Digital and Avast, to gauge the attitudes and capabilities of the UK charity sector when it comes to cyber security.

 

The aim of the survey was to improve our understanding of charity cyber security and to identify areas of improvement and vulnerability. The preliminary findings were a mixed bag – both hopeful and sobering.

 

Here, we outline some of the initial results from the survey and what they mean for the charity sector moving forwards.

 

 

The good news

 

The good news is that charities understand the importance of cyber security. More than 95% of respondents think cyber security is important, with seven in ten citing it as extremely important.

 

The gravity of the cyber security situation seems to have been felt more keenly since the start of the pandemic. More than four in five organisations told the survey that their attitude or behaviour to cyber security had changed since the pandemic.

 

The less good news is that a quarter of these changing attitudes were down to experiencing a breach firsthand.

 

There is yet more reason for optimism in that charities have responded to the risk with more education and more robust resources. Nearly half have installed more cyber security software , while 46% have invested in more training and attended more cyber security events. A fifth of respondents said that cyber security was talked about in board meetings.

 

Fortunately, cost no longer seems to be as much of a barrier to cyber security in the charity sector. Of the organisations who hadn’t changed their attitudes towards cyber security after the pandemic, the cost of implementing cyber security policies and procedures was only cited by 1% of respondents.

 

 

The bad news

 

The bad news is that charities don’t rate their own cyber security highly, despite being aware of how vital it is to their operations and reputation. When charities were asked to rate their cyber security out of ten, the sector average came out at just six.

 

Yet, of those organisations who said their attitudes towards cyber security hadn’t changed since the pandemic, 68% said it was because they already take cyber security seriously. More than one in ten said they had other areas of priority and focus, while 7% felt they lacked the required skills and training to improve.

 

More worryingly, 5% said outright that they were not worried about a cyber security breach. Given the risks that cyber threats pose – leaking sensitive data, disruption to service delivery, reputation damage – it remains disheartening that any charity would not be concerned over a data breach.

 

More than three quarters of charities said they dealt with sensitive user data, so breaches of this data should always be highlighted as a risk for these organisations.

 

 

What next?

 

The full results of the survey are yet to be released, but we can already see that there is work to be done when it comes to helping charities fully embrace cyber security. It is no longer an awareness issue, rather one of resources.

 

Do charities have the right processes and training in place in order to deal with the rising tide of cyber threats?

 

Education is often the first line of defence. The NCSC offers plenty of resources to help charities strengthen their online security, while cyber security tools such as Avast can also help, providing useful tips and guides to security online on its blog and on the Avast Academy page on its website.

 

Charities and eligible non-profit organisations can also access a discount on Avast’s products when purchased through the Charity Digital Exchange. Avast currently protects and serves more than 400 UK charities across 5,000 devices through this partnership.

 

With concerns over how charities can protect themselves in a hybrid office environment, Avast is also hosting a free learning session around how to protect our devices as we embrace new working practices, such as hot-desking and BYOD (Bring Your Own Device).