Skip to content

Protecting your charity clients against cyber crime

In February we launched our guide to Risk in the Charity sector , bringing together all the insight we have gathered through working closely with our charity partners, brokers and customers. 

The guide shares our perspective on some of the topics they’ve told us are most important to them at this time including Data Protection/GDPR, Funding and Cyber crime. You can download the guide here

Over the next few months we will be taking a closer look at some of these areas and giving a more in-depth view with guidance on how to help reduce the risk of these issues affecting your clients.

This month we are focusing on cyber crime. Over the last few years, cyber crime has been a growing problem, with a reported increase of 38% in cyber incidents.1 Last year, 68% of charities identified cyber as a key concern for them in 2018.2 

The most common attacks experienced by charities we interviewed were:

  • Ransomware 41%
  • Phishing 35%
  • Malware 24%
  • Other (website or phone) 18%
  • Denial of Service 6%
  • Password attack 6%

Why are charities under attack?

The government organisation National Cyber Security Centre identify charities as having the same risk as businesses: 

"Charities are subject to the same cyber vulnerabilities as other organisations and businesses that conduct financial transactions, and rely on electronically held data or information to conduct day-to-day operations." 

What makes them more vulnerable than businesses in some ways, is a lack of digital skills in-house to implement defences, as the NCSC also identified: “The culture of openness in the sector makes charities particularly vulnerable to some types of cyber criminal activity, such as cyber-enabled fraud and extortion.”

Lloyds Banking Group conducts an annual survey to assess the digital maturity of charities. In 2017, the UK Business Digital Index found that 49% of charities lack basic digital skills and more than 75% do not intend to invest money in this area.3

What does cyber crime mean for charities?

The consequences of a cyber attack can be far-reaching and include risks such as negative impact on their reputation, loss of data as well as the financial impact, but the risk of cyber crime itself also causes concern. Data breaches can happen simply by leaving a laptop on a bus but there are ways of protecting against these risks. 

In response, we’ve put together a guide of the risks in the sector which are most regularly experienced by charities. Endorsed by the Charities Security Forum, it’s the ideal tool to share with your charity clients to help them navigate their way through what is often perceived to be, a daunting area to tackle. The guide also highlights the areas where cyber insurance can help support charities, an area we have recently enhanced in our new Charity and Community product which includes an optional cyber section.

David Britton - By David Britton, Charity Director


The rise of cyber crime continues to accelerate    

2 Ecclesiastical annual tracking survey 2017

3 Lloyds UK Business Digital Index 2017 


Contact our broker support team

Tell us your challenges - we're ready to help with expert advice, solutions and support. Experience the Ecclesiastical difference for the broker.

Ecclesiastical Insurance Group plc (EIG) Reg No 1718196. Ecclesiastical Insurance Office plc (EIO) Reg No 24869. Ecclesiastical Life Ltd (ELL) Reg No 243111. Ecclesiastical Financial Advisory Services Ltd (EFAS) Reg No 2046087. Ecclesiastical Underwriting Management Ltd (EUML) Reg No 2368571. E.I.O. Trustees Ltd Reg No 941199. EdenTree Investment Management Ltd (EIM) Reg No 2519319. All companies are registered in England at Beaufort House, Brunswick Road, Gloucester GL1 1JZ. EIO and ELL are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Firm Reference Number 113848 (EIO) and 110318 (ELL). EFAS and EIM are authorised and regulated by the Financial Conduct Authority. Firm Reference Number 126123 (EFAS) and 527473 (EIM). EUML is an appointed representative of EIO who is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Firm Reference Number 402228.