We read a lot of reports, so to save you the trouble we have put some recent Charity cybersecurity facts from a recent Iomart report in this Blog Post, continuing our Cyber Awareness effort #BeSmarterThanAHacker.
First off, we have collated some relevant stats from the NSCS Breaches Report 2023 (annex – Charities), which give you a great picture of the state of Cyber Security within Charities. You can download this here: Charities and their Cyber Security. There are too many facts to detail here.
Iomart, in their State of Cyber Security 2023/2024 report, had Charities sitting at the high end of organisations experiencing cyber incidents, along with Finance, Healthcare and Government, “all seeing at least 31 incidents a year.” Charities are also likely to feel that they have budget limitations and that there are too many Cyber Security products.
When asked how much was spent on vulnerability assessments, penetration testing or red team activities, Charities, unsurprisingly, spent the least of all 12 sectors looked at – with 28% of Charities spending less than £10,000 (and 93% spending less than £50,000) a year. Transport was the only other sector with more than 10% (17%) spending less than £10,000.
When asked which Cyber threats were of the greatest concern, Charities ranked Malware highest (66% of all), followed by Phishing (45%) and Ransomware (44%). Most sectors are broadly similar, but Charities (34%), along with the Legal Sector (40%), see Identity Theft as being of major concern when compared to other sectors.
How do you cope with tight budgets and high threat?
We have more than 80 Charities as clients. One reason for this is our data protection expertise; another is having solutions that reduce total cyber spend and the number of solutions, like WatchGuard’s (we are UK Gold Partners): Full Network Protection along with Multi-Factor Authentication and Password Manager, Secure Cloud Wi-Fi and Endpoint solutions. If a client has them all, intelligence is shared between them, giving our Client a SIEM-like solution.
If budgets are very tight, with limited scope to do much at all, the one thing you can do is ensure that your colleagues understand the importance of cyber-security, that the organisational culture is forgiving and not one of blame, and that you have regular employee training.