Just 8% of Charities have a Cyber incident management process

The 2018 Cybersecurity Breaches survey shows that many charities are becoming increasingly aware of the cyber risks but still have a long way to go when it comes to implementing effective security.

Just over half of the charities surveyed list cybersecurity as a high priority, and only 8% were shown to have cyber incident management processes in place.

Charities like most businesses and organisations in the modern world are increasingly reliant on IT and technology making them vulnerable to cyber attacks.

Charities are a target

Many charities store personal, commercial and financial data as well as receive monetary donations online making them an appealing target for cybercriminals.

One of the hurdles charities face is changing their way of thinking when it comes to cybersecurity.

Charities seek to raise funds for or offer support to the most vulnerable in our society or assist with other noble causes, which may make them think that no one would attack them. After all, they are doing good work, and no one would stoop so low as to attack them.

Unfortunately, the world doesn’t work that way, and with cybercrime becoming widely available to the masses thanks to automated tools and paid for services, it is often the case that a charity or business not being deliberately targeted but attacked simply because a vulnerability is found and exploited.


Due to the trusting nature of many charities, they are vulnerable to cybercriminals. Phishing campaigns, in particular, have been proven to be effective.

The survey shows that larger charities tend to be more cyber aware. Smaller charities, however, probably don’t consider cybersecurity as a top priority due to concerns that implementing effective security will be costly or due to them not fully understanding it.

In one case reported by the NCSC, a UK charity was defrauded of £13,000 after the CEO’s email was compromised. This allowed a hacker to trick an employee in the finance department to release funds to one of the hacker’s accounts.

Using social engineering techniques and information gleaned from the charity’s website and social media pages, hackers were able to identify who the people with financial authority were.

Just over half of the charities questioned in the survey list cybersecurity as a high priority and only 8% were shown to have cyber incident management processes in place. Smaller charities probably don’t consider cybersecurity as a top priority due to concerns that implementing effective security will be costly.

With cybercrime being an ever-evolving and growing threat charities need to invest in security if they are to continue to operate online. As we’ve said before, cybersecurity doesn’t have to be expensive and implementing the basics can be done quickly and without costing the Earth.

Use CyberScore™

CyberScore™ can be an integral part of any organisations’ cybersecurity. By performing regular scans of networks, it can help you keep on top of any discovered vulnerabilities. The Get Well Plans it produces provides an easy to understand set of suggestions that can help improve the organisation's overall security score.

Unlike a traditional penetration test, CyberScore™ costs nothing to scan a network and generate a score, which can be done as often as you like and just £1 per analysed device for all three reports.

CyberScore™ automatically analyses the data mined from inside and outside an organisation, identifies any vulnerabilities found, and relays this information back to the user, with a rating from 1-10 for the internal assessment and a letter from A-F for the external, along with the option of a Get-Well Plan to remediate any issues.

For further reading visit –





Want to learn more about how CyberScore™ can help secure your business? Visit our website at www.xqcyber.com/cyberscore and if you want to give yourself the very best protection against cyber security threats try out CyberScore™ for free now!

Follow us on FacebookTwitter and LinkedIn or sign up to our mailing list at https://www.xqcyber.com/signup