Average cyberattack on charity costs nearly £10,000, study reveals

More than two-thirds of high-income charities recorded a cyberattack or data breach in 2018, a new study has revealed.

The finding forms part of the Charity Commission’s nationwide Cyber Security Breaches Survey 2019.

The report is based on the data of thousands of organisations across the country with a focus on attitudes to cybersecurity and the impact of breaches.

Cybercrime usually involves attacks on computer systems and networks and often includes the theft of data or disruption of systems to enable further crime.

According to the study, around 15 per cent of smaller charities (those with an income of less than £100,000) experienced a phishing attack last year, while two per cent reported a virus and the same number had fraudsters impersonating them in emails or online.

The figures are much higher for high-income charities (those with an income of £500,000 or more), with 46 per cent reporting phishing attempts, 18 per cent reporting viruses, and 22 per cent reporting impersonation.

As a result, 75 per cent of all trustees and senior managers now see cybersecurity as a top priority, up from 53 per cent the year previous.

The poll suggests, however, that the General Data Protection Regulation (GDPR), and not the rising threat of cybercriminals, has played the biggest role in this sweeping change to attitudes.

The new EU-wide data protection act, which came into effect in May 2018, introduced new standards and tougher penalties for organisations who fail to protect consumer data.

But despite a year-on-year increase in awareness, a large number of charity trustees – particularly those from low-income organisations – are still failing to prioritise cybersecurity at their organisation.

And with the average cost of just one cyberattack or data breach costing a charity £9,470, this is an alarming finding.

Commenting on the results of the data, the Charity Commission reiterated that a cyber breach could not only impact on public trust and confidence in the charity affected but the “sector as a whole”.

“All charities should be vigilant to the threat of cybercrime and make sure appropriate defences are in place, including raising awareness with their staff and volunteers,” said the regulator.

The full report can be found here. For help and advice with cybersecurity at your organisation, please get in touch with our expert team.

Lisa Weaver

Head of Audit and Assurance lisa.weaver@thornewidgery.co.uk