Charitable organisations support the most vulnerable members of our society, you change lives and enable disadvantaged people to achieve extraordinary feats and we appreciate and respect you for this.
Unfortunately, cybercrime has no morals and looks for weaknesses wherever it can find them, and a combination of factors has led to the charitable sector becoming one of the highest breached sectors out there.
The threat of a Cyber breach is so prominent for charities, the National Cyber Security Centre published charity specific guidance back in 2018 for protection against cyber-attacks, in response to alarming figures published in the government breaches survey. The 2019 survey highlighted that 52% of charities with annual income £500,000 or more report having cyber security breaches or attacks in the last 12 months and 22% of all charities surveyed reported the same.
We are only too aware that charities are often underfunded and understaffed, with many people involved in the charity lacking in training that isn’t directly related to the purpose of the organisation. Unfortunately, this often means that money is saved by reducing spend on areas that you feel are not directly related to delivery and this can leave you under-protected from Cyber Attacks.
For organisations that have never thought about Cyber Security, they should always begin with the government’s Cyber Essentials scheme. It was designed for exactly this reason, it’s an easy to implement critical list of precautions that every organisation should have in place to protect themselves against the majority of attacks, and It can be the foundation on which to build the rest of your security action plan.
In recent years your ability to demonstrate that you take cyber security seriously has become a deciding factor in whether your firm wins or loses public sector tenders. Charities and SME’s that fail to adjust to rising expectations around cyber security risk being left behind when it comes to public procurement opportunities.
Contracts awarded by organisations like CQC (Care Quality Commission), Lottery Fund and MOD are all now requiring Cyber Essentials as a minimum, so as well as securing your business you are increasing the opportunity to be awarded important tenders. Having this certification will make a real difference when bidding for contracts with the public sector.
Based on the Cyber Security Breaches Survey 2019:
£9,470 is the average annual cost for charities that lost data or assets after breaches
Over two-fifths of charities say they have implemented controls in all the five technical areas listed under the Governments Cyber Essentials scheme
More charities have taken actions to identify cyber risks, such as health checks, audits or risk assessments (60%, vs. 46% in 2018).
It is estimated that security breaches will continue to increase in the next year and this year we at TecSec have seen an increase among charities seeking information on Cyber Security.
Certification helps organisations look more attractive to potential partners/buyers and means that you will not be seen as a potential ‘weak link’ in the supply chain. Cyber Essentials certification shows that organisations and their trustees/management are committed to protecting their data and that of their customers from common cyber threats and have put the basic precautions in place. It doesn’t stop there, by becoming certified, you could put yourself ahead of the competition and in turn, may improve your chances of winning more contracts.