
https://charitycommission.blog.gov.uk/2019/04/05/how-charities-are-responding-to-cyber-security-threats/

How charities are responding to cyber security threats


Guest blog by the National Cyber Security Centre (NCSC). 

The Cyber Security Breaches Survey is an annual report by the Department for Digital, Culture, Media and Sport (DCMS). It reports on how businesses and charities are responding to the cyber security threats they face.

It’s welcome news that more charities than before have taken positive steps to improve their cyber security, according to the Cyber Security Breaches Survey 2019.

Since launching the National Cyber Security Centre (NCSC) small charity guide in March 2018, NCSC have worked in close partnership with bodies across the sector.

Together we are working to raise awareness about the cyber crime threat and provide practical actions charities of all sizes can take to protect themselves.

Results from the charity sector

These survey results are the first indication that collective efforts across the sector are contributing towards a positive change.

Amongst charities, the biggest statistical shift in the survey has been how cyber security is viewed by trustees and senior managers, with an overall 22 point increase over 2018’s results.

Strong increases are seen across small, medium and large charities, with cyber security now being seen as a high priority in 68% of charities with an income under £100,000; 82% of charities between £100,000 and £500,000; and 94% of charities with an income over £500,000.

“I think it will become more of a priority. Thinking of the phishing emails, they are going to get harder to spot” – Respondent from a high income charity

We know that cyber security breaches can be costly and disruptive for charities, and this year’s report backs that up. The average cost of all breaches or attacks identified in the last 12 months by a charity is now £9,470.

But the costs of a breach vary, with organisations quoting figures between £300 and £100,000 depending on the severity. At the top end, this amount could be crippling for some charities.

Phishing attacks and prevention

Phishing remains the most common form of attack on charities, with 81% of those who identified an attack or breach listing fraudulent emails as the cause. Technical measures are important in stopping these attacks but the strongest link remains staff, trustees and volunteers.

It’s vital to help staff, trustees and volunteers understand their critical role in protecting the organisation and to give them the information on how to report a phishing email.

The General Data Protection Regulations (GDPR) impact  

The introduction of GDPR in May 2018 has influenced the sector’s approach to cyber security.

A third of charities made changes to their cyber security as a direct result of GDPR. Most commonly, these changes were new policies and staff training.

The report also indicates that GDPR will have sustained impact as charities continue to adjust their approaches to cyber security.

“There has been a change in mindset. Whereas information security was something that sat in a little team and they used to come along at the end of a project and say, ‘no, no, no’, now it’s fundamental to the start of any decisions we make”. – Respondent from a high income charity

Just ask for help!

47% of charities have looked for external help with cyber security in the last year, up from 36% in 2018. This is very positive news but we shouldn’t be complacent.

There are still many charities that are yet to take action, and even those that have still need to keep up to date with advice as the cyber crime threat to charities continues to evolve.

NCSC will continue to work with our partners across the sector to share our advice and guidance in places that charities know and trust. We will also be providing even more local training and workshops with sector partners over the coming year and beyond.

Information and dates for NCSC training will be added to our website regularly over the coming months - so keep a look out!
