The biggest risks to charities (and how to prevent them)

A charity’s reputation can be difficult to define. It is an intangible asset, the value of which depends on how good or poor it is in the eyes of its many audiences.

 

While reputation can be subjective, the value of a good one is immeasurable. It can affect everything from fundraising, recruitment, service delivery, and more. Charities that have experienced high-profile reputational crises have seen firsthand how the damage can affect their operations and their ability to fund them.

 

In 2022, the picture largely looks good for the sector. Charities are, for the most part, very well-regarded, according to a report from the Charity Commission, with trust in the sector remaining “higher than in most other parts of society”.

 

However, the report also identifies a “stubbornly persistent skepticism regarding how charities use their money and how they behave”.

 

Efficient spending, transparency, and ethical practices, including the protection of donors and beneficiaries’ data, are all part of managing a reputation and keeping it clean. Without this, a charity cannot attract new donors, win grants, attract talented staff, retain supporters, or, consequently, serve their communities.

 

In this article, we explore what a good reputation means for charities, the most important risks they face that can cause reputational damage, and how to mitigate risks for the benefit of their audiences, both within and outside the organisation.

Skip to: Understand the value of reputation
Skip to: Identify the most common reputational risks facing charities
Skip to: Map your risk and protect your reputation
Skip to: Manage your risks and respond appropriately

 

Understand the value of reputation

 

A good reputation takes a long time to build, but no time at all to damage. High-profile issues such as data breaches and financial misconduct can easily affect even the most previously stalwart of organisations. It is estimated that humanitarian aid charity Oxfam lost 7,000 of its regular donors, and up to £16 million of funding, as a result of severe wrongdoing by former workers in Haiti.

 

Similarly, data protection compliance and GDPR was highlighted as one of the top ten risks facing charities in 2021 by professional services firm Grant Thornton. Not only will any resulting fines affect a charity’s bottom line, but donors and beneficiaries will become more circumspect about the information and funds they give to that charity.

 

Research has also shown that overall efficiency and philanthropic impact are the two most researched elements about charities by potential supporters. With a wave of charity aggregators, such as Charity Clarity and Give What We Can, donors and beneficiaries are more informed than ever about how a charity operates. It is up to charities to ensure that their reputation is good and that their behaviour matches it.

 

Maintaining a good reputation can also have an impact on retention and recruitment of employees and volunteers. Research from the Public Relations and Consultants Association and YouGov found that company reputation was the third biggest consideration for UK workers when joining a new organisation.   
 

 

Identify the most common reputational risks facing charities

 

There are many risks facing charities in 2022 and beyond, including an increase in cyber threats and subsequent data breaches. Charities deal with a lot of data, used to improve services and enhance the donor experience. Failing to protect it is not only unethical or even unlawful, but also can lead to a wave of negative sentiment that can redefine how a charity is perceived by the public.

 

The risks facing charities do not exist alone—they are all interconnected. Lack of compliance with data regulations can lead to financial instability, for example, if donors choose to avoid giving funds to a charity that is seen to be careless with their personal details.

 

Similarly, improper governance can lead to failures in other areas of the organisation. Poor leadership can lead to a poor organisational culture, which can in turn affect staff turnover, volunteering, and how a charity spends its time and money.

 

It is important that charities think about reputation in all areas of their operations. Here, we outline some of the most common reputational risks facing charities today.

 

 

Financial instability

 

The rising cost-of-living, a looming recession, and the implications of COVID-19 and subsequent restrictions have all led to a tumultuous time in the charity sector.

 

Rising demand for services combined with fundraising constraints mean that financial instability has become an increasing concern for charities. Seven in ten charities said COVID-19 negatively impacted their financial position in 2021, while 60% said they experienced a loss of income from charitable activities.

 

 

Data protection, compliance, and cyber security

 

There have been a spate of high-profile data breaches in the charity sector over the last few years, with some organisations receiving large fines from the Information Commissioner’s Office (ICO) for failing to protect the data of their users.

 

Charities are a prime target for cyber criminals due to the large amount of data they hold and the limited resources available to invest in protecting it. Charities are more likely to have less robust cyber security protocols in place, particularly micro-organisations (those with a turnover of less than £10,000).

 

Failing to protect data can lead to reputational damage that can have a far greater impact than any fine from the ICO. It can lead to a lack of trust between a charity and its audiences, trust that fuels fundraising efforts and attracts program participants.

 

Charities should also consider the importance of safeguarding when it comes to cyber security. Charities have a duty to ensure that the vulnerable people they work with and for are protected. Failure to put proper safeguarding measures in place is a dereliction of that duty. This includes protecting their personal data and protecting what they are able to access.

 

 

Inefficient use of resources

 

Simply put, donors want to know that the money they give to a charity is going to help the communities or mission they support.

 

Inefficiency covers everything from marketing budgets to failure to digitally transform. The latter shows an unwillingness or an inability to modernise and raises questions about whether charities are using their time and resources in the most effective way.

 

Donors cannot be sure where their donations are going, making them question whether it’s the most effective place to give their money.

 

 

Governance, leadership, and culture

 

Poor governance and leadership means that charities fail to meet their strategic, ethical, and regulatory objectives. It means that the Board is failing to direct the organisation in the right way to achieve the charity’s mission.

 

When crises hit, leaders are very often the face of the organisation. It is important that they are seen to be helming the ship and are held accountable for their decisions. Poor leadership is both an internal and external matter. It can impact recruitment (employer review sites like Glassdoor have made this possible) and is seen to reflect the ethics of the organisation itself.

 

Map your risk and protect your reputation

 

Risk mapping is a data visualisation technique that helps organisations to see the biggest areas of risk in their organisation and develop plans to target them accordingly. In a crisis, there is little time to plan an effective response, so preparing one in advance is key.

 

Preparation ensures that everyone on your team is aware of their individual responsibilities and frees up time for the organisation to be flexible when circumstances change. Being aware of the risks also means you can get the right systems in place to prevent them occurring in the first place, such as cyber security software and hardware.

 

Being prepared for risks involves knowing the most important ones. Every charity is different. Each organisation can use a risk map to determine how likely a risk is (for example, 50% of charities think they are likely or very likely to experience a cyber attack) and acknowledge how it will affect other areas of their operations.

 

A cyber breach might affect a charity’s ability to deliver services, for instance, if technology is rendered unusable. Failure to adhere to GDPR can impact fundraising because donors refuse to donate to a charity they no longer trust.

 

Charities should always include the regulations they need to adhere to as part of their risk mapping and regularly review them to ensure they comply.

 

There are many risk mapping templates available online, such as this one provided by collaboration tool Miro. Charities can use these templates to prioritise the risks, colour code them according to urgency or threat level, and create a plan of action to mitigate against them.

 

 

Manage your risk and respond appropriately

 

A charity’s reputation lives and dies on how well they respond to risks. In a crisis, it is not always the situation that poses a threat to reputation, but the response to it.

 

This could mean anything from a formal apology to an investigation. Whatever response is chosen, keeping your reputation intact depends on honesty and clear communication. The quicker you can respond the better, but this does not mean rushing statements out before you know the situation yourself. A few details are better than the wrong ones.

 

For example, if your charity has suffered a cyber breach, it is crucial (and often legally required) to communicate this as quickly as possible once you have all the details.  Even if you do not have the details, you can still communicate that. Misinformation breeds in a vacuum—let your people know that something is happening and that you’re addressing the matter. Ask them to take immediate actions if they need to, like changing passwords. Then maintain regular updates as needed.

 

 

Saying sorry

 

When the time comes for a charity to make an apology, the most important consideration is making it sincere. An apology is not for the organisation, but for the people the crisis has affected, both directly and indirectly. Charities must consider all stakeholders, from donors to service users, trustees to volunteers.

 

Some tips for a good, meaningful apology include avoiding templates and always starting with understanding. Even if you are explaining your position, rather than apologising (only recommended if it is certain there has been no wrongdoing on your part), acknowledge the situation and how it has affected the person complaining.

 

Be specific about the situation in question, avoid generic platitudes, and remember that your followers will likely see more than one communication from you. If your messages look the same time after time, they will be seen as less authentic and will damage your reputation.

 

 

Making change

 

The next step in making amends is being clear about the steps you are taking to change the situation. It is said that actions speak louder than words and this is particularly true in matters where your reputation is at stake. Charities must demonstrate the preventative measures they will implement to ensure the situation does not happen again, as well as express dismay that it did.

 

This could be as simple as sharing your commitment to cyber security protocols. It does not have to be covered in great detail, but reiterating that there are policies and software in place to keep data secure is comforting to potential donors and beneficiaries. It shows thought and consideration as well as giving your audiences a promise to hold you accountable to.

 

 

Committing to transparency

 

Reputation, transparency, and accountability go hand in hand. Covering up potentially damaging matters only adds to the seriousness of the situation. Being transparent about your processes and values.

 

Transparency means making information easy to find for all your supporters, including regulatory information such as gender pay gaps and diversity of your workforce.

 

Though it is sometimes mandated in law for organisations to share this information, publishing it and making it difficult to find looks like you’re hiding it. Clear navigation, signposting, and creating a designated area of your website where this information can be found are all ways that charities can be transparent in the eyes of their audiences.