Charities in the UK are being too complacent about cyber attacks, data breaches and denial of service, says Ecclesiastical. Research carried out by the specialist insurer found the majority of charities (81%) believe they are ‘fully prepared’ to deal with a cyber-attack. Good service from an IT provider (48%) is the main reason for charities feeling secure, while clear protocols and procedures is cited by 17%.
But many charities don’t have adequate systems in place to prevent a cyber breach, the insurer warned. The research found just half (52%) have a cyber security plan in place, while fewer have a specific cyber risk management plan (42%) or cyber insurance (42%) in case the worst happens.
To respond to these issues, Ecclesiastical has launched a cyber scenario planner, designed to support brokers in their conversations with their charity clients and help them assess and understand their cyber risks accurately.
Attacks on charities have been steadily rising in recent years and a third of respondents believe the risk of a cyber-attack has increased in the past year, rising to 40% among larger charities. One recent case saw Red Kite housing charity lose nearly £1 million when fraudsters set up a fake domain and email chain. Following the recent bushfires in Australia, the Red Cross suffered automated cyber attacks by fraudsters keen to bag a $20,000 compo payout, for an incident that never happened of course.
While investment in cyber security has increased in the past year, particularly in larger charities (58%), many charities aren’t doing enough to protect themselves, says Angus Roy, charity director at Ecclesiastical.
“Many charities still don’t see themselves being at risk of cyber-crime, or if they do, they think they can transfer the risk to their IT provider. The fact is that charities are an increasingly attractive target to cyber-criminals.
“While IT providers can implement security measures and controls, it’s not a total solution. Cyber-crime is multi-faceted and can often involve a human factor, so charities need to ensure they have a cyber security plan and appropriate control mechanisms in place.”
The research also found that two-thirds (65%) of charities that have cyber insurance don’t know what it covers.
Angus said: “Charities are buying cyber insurance as a tick box exercise without really understanding how it can help them. Brokers have a vital role to play in helping them understand how cyber insurance can support them.
“The cyber scenario planner supports this process by encouraging decision makers to think objectively about the risks facing them by demystifying cyber-crime. By working through the planner with their broker, it allows a charity to understand the types of threats they face and the types of attack that could take place. It then provides practical guidance on any additional controls required and how insurance cover fits in.”