Alert for charities – cyber crime and how to report to the Charity Commission
This alert provides information and advice to charity trustees about cyber crime and how to report it.
Cyber crime has a number of definitions but will usually involve attacks on, or through, computer systems and networks. It often includes theft of data or disruption of systems to enable further crime.
Dependant on the nature of these crimes, trustees, staff, volunteers and beneficiaries of charities may be adversely affected. Negative publicity could also impact on public trust and confidence in not only the charity affected, but the sector as a whole.
The government Cyber Security Breaches Survey 2019 revealed that over two thirds of high income charities had recorded a cyber breach or attack in 2018. Of those charities affected, the vast majority (over 80%) had experienced a phishing attack, which are fraudulent emails.
With the cost of a breach ranging from £300 to £100,000, charity managers cannot afford to ignore the growing threat posed by cyber crime, in all its forms.
The good news is that advice and guidance is widely available to help you take the right steps to protect your charity.
How you can protect your charity
All charities should be vigilant to the threat of cyber crime and make sure appropriate defences are in place, including raising awareness with their staff and volunteers.
The National Cyber Security Centre (NCSC) has produced a useful guide on how to protect from cyber crimes. It also explains how charities can become accredited under the government Cyber Essentials Scheme.
Cyber Security: Small Charity Guide.
For larger charities, detailed advice for trustee boards on improving cyber security is available in the NCSC’s new Boards Toolkit.
HM Government also provides timely advice and guidance through its Cyber Aware website.
How to report cyber crime and fraud
If your charity has fallen victim to cyber crime, or any other type of fraud, you should report it to Action Fraud by calling 0300 123 2040, or by visiting the Action Fraud website.
Charities should also report fraud to the Charity Commission as a serious incident.
We require prompt, full and frank disclosure of incidents. Serious incident reporting helps us to assess the volume and impact of incidents within charities, and to understand the risks facing the sector as a whole.
Where appropriate, we can also provide timely advice and guidance, either to assist individual charities and get them back on track, or to warn the wider sector about prevalent threats.
Notes
The Charity Commission, the independent regulator of charities in England and Wales, is issuing this alert to charities as regulatory advice under section 15(2) of the Charities Act 2011.