Cyber attack statistics highlight importance of charities’ internal controls
Posted on: May 24th 2023
The Department for Science, Innovation and Technology recently published the Cyber Security Breaches Survey 2023, which found that 24% of charities have been victims of cyber breaches or attacks in the last 12 months, compared with 30% in 2022.
The most common breaches or attacks were phishing attacks (83%), followed by others impersonating the charities in emails or online (29%) and viruses, spyware or malware – excluding ransomware (9%). The survey also found that only 31% of charities surveyed were insured against cyber security risks, with board members and trustees failing to recognise cyber security as a risk to the charity.
The findings of the Survey highlight the importance of Not for Profit entities’ internal controls, and have been released in the same month that the Charity Commission’s Internal financial controls for charities (CC8) guidance was updated.
The revised guidance urges charities to review their financial controls to ensure they are helping to protect the charity against risks, including those from newer technology such as cryptoassets.
The revised guidance, which has been redesigned to be more concise and clearer than before, now covers issues that were not in existence or widely relevant when it was first issued. A key section of the revised guidance relates to operational risks, including the risks of fraud and cybercrime. With charities increasingly storing information online, the sector’s exposure to cybercrime is increasing. As such, the guidance suggests charities should have suitable policies which cover:
- access, use, storage and processing of electronic data
- the use of computers and data storage, such as cloud storage and memory cards
- handling breach detection, investigation and reporting procedures
As well as noting that trustees should ensure their charity complies with UK GDPR and other data protection laws, the guidance also suggests charities should have suitable software to protect against viruses and hacking.
All trustees are responsible for their charity’s financial management, and therefore for implementing and monitoring internal financial controls and for ensuring everyone working for the charity understands and follows them.