Charity cyber attacks – costs and recovery

18 April 2019

How much could a cyber attack cost your charity and what help might you need to get back on your feet?

Computer code shown on light blue screen

With just over 70% of charities in our survey telling us they are fully prepared to deal with a cyber attack, it's interesting that just over half have a cyber security plan in place1. After data breaches, the biggest impact charities identified as a concern following a cyber attack was the cost of putting things right,1 but there is often more to a cyber attack than the cost. 

A cyber attack can leave your charity with questions to answer:

  • How will you know how many records were lost? 
  • How will you recover the data? 
  • What will you do if someone takes legal action? 
  • How will you defend against another attack?
  • How will you protect your reputation?
Charities in this situation are likely to require technical support which can also attribute to the cost of dealing with a data breach. Services might include: 

  • legal defence against liability claims 
  • professional IT and forensic services 
  • loss of income due to the attack. 
Legal fines and penalties issued to charities are not usually covered by insurance policies. However, legal defence and compensation awarded to third parties can be. 

How much could a cyber attack cost?

IBM Security and Ponemon Institute examined the costs to companies following the loss or theft of personal data. They found the average cost per lost or stolen record to be £113. Working off the average of £113 as an example, for a charity with 10,000 donor or service user records the cost would come out at a hefty £1,130,000. However, organisations who had an incident response plan in place saved an average of £260,000 per breach2.

Read more about cyber security planning.

Cyber insurance for charities

This is why insurance can be a really important second line of defence. Insurance can help cover these costs and a comprehensive policy will support your charity's longer-term recovery with access to professional help. 

If you invest in cyber insurance, it’s worth understanding what you’re getting from the cover. Some policies may not provide cover for the financial loss resulting from cyber crime. Some policies might only provide cover for targeted attacks and not indiscriminate events that affect many victims. We offer stand-alone policies or cyber enhancements which can be added to your existing charity insurance. You can find out more information by speaking with your insurance broker.
For more information on defending against cyber crime, read our charity cyber guide.