Charities too complacent about cyber crime, warns insurer

02 March 2020

Research carried out by Ecclesiastical Insurance found that 81% of charities believe they are ‘fully prepared’ to deal with a cyber attack.

  • 81% believe they are ‘fully prepared’ to deal with a cyber attack.
  • But just half have a cyber security plan in place
  • Two-thirds of charities that have cyber insurance don’t know what it covers
Research1 carried out by Ecclesiastical Insurance found the majority of charities (81%) believe they are ‘fully prepared’ to deal with a cyber attack. 
Good service from an IT provider (48%) is the main reason for charities feeling secure, while clear protocols and procedures is cited by 17%.  
 
But many charities don’t have adequate systems in place to prevent a cyber breach, the insurer warned. The research found just half (52%) have a cyber security plan in place, while fewer have a specific cyber risk management plan (42%) or cyber insurance (42%) in case the worst happens. 
 
Attacks on charities have been steadily rising in recent years2 and a third of respondents believe the risk of a cyber attack has increased in the past year, rising to 40% among larger charities. 
 
While investment in cyber security has increased in the past year, particularly in larger charities (58%), many charities aren’t doing enough to protect themselves, says Angus Roy, charity director at Ecclesiastical. 
 
“Many charities still don’t see themselves being at risk of cyber-crime, or if they do, they think they can transfer the risk to their IT provider. The fact is that charities are an increasingly attractive target to cyber-criminals and if they are victims of a cyber incident, it will be them and not the IT provider that has to deal with the reputational fallout. 
 
“It’s also worth remembering that while IT providers can implement security measures and controls, it’s not a total solution. Cyber crime is multi-faceted and can often involve a human factor, so charities need to ensure they have a cyber security plan and appropriate control mechanisms in place.”
The research also found that two-thirds (65%) of charities that have cyber insurance don’t know what it covers. 
 
Angus said: “Charities are buying cyber insurance as a tick box exercise without really understanding how it can help them. 
 
 “As a specialist insurer, we want to help charities understand and mitigate their risks so they can continue to operate successfully.”
 
To respond to these issues, Ecclesiastical is launching a cyber scenario planner for charities to help them assess and understand their cyber risks accurately. 
 
Angus said: “The planner is designed to help decision makers think objectively about the risks facing them by demystifying cyber crime. Through a self-assessment tool, it allows a charity to understand the types of threats they face and the types of attack that could take place. It then provides practical guidance on any additional controls required and how insurance cover fits in.”

1200 telephone interviews with charity leaders carried out by FWD during September – November 2019.

2 Cyber Security Breaches Survey 2019 from the Department for Digital, Culture, Media and Sport. 22% of charities admitted a cyber breach in 2019 compared to 19% the previous year.