CHARITIES are too complacent about the risk of cyber-crime, a leading insurer has warned.
Research carried out by Ecclesiastical Insurance found the majority of charities (81%) believe they are ‘fully prepared’ to deal with a cyber-attack. Good service from an IT provider (48%) is the main reason for charities feeling secure, while clear protocols and procedures is cited by 17%.
But many charities don’t have adequate systems in place to prevent a cyber breach, the insurer warned. The research found just half (52%) have a cybersecurity plan in place, while fewer have a specific cyber risk management plan (42%) or cyber insurance (42%) in case the worst happens.
Attacks on charities have been steadily rising in recent years and a third of respondents believe the risk of a cyber-attack has increased in the past year, rising to 40% among larger charities.
While investment in cybersecurity has increased in the past year, particularly in larger charities (58%), many charities aren’t doing enough to protect themselves, says Angus Roy, charity director at Ecclesiastical:
“Many charities still don’t see themselves being at risk of cyber-crime, or if they do, they think they can transfer the risk to their IT provider. The fact is that charities are an increasingly attractive target to cyber-criminals. If they are victims of a cyber incident, it will be them and not the IT provider that has to deal with the reputational fallout.
“It’s also worth remembering that while IT providers can implement security measures and controls, it’s not a total solution. Cyber-crime is multifaceted and can often involve a human factor, so charities need to ensure they have a cybersecurity plan and appropriate control mechanisms in place.”
The survey of 200 charity leaders also found that two-thirds (65%) that have cyber insurance don’t know what it covers.
Mr Roy added: “Charities are buying cyber insurance as a tick box exercise without really understanding how it can help them.
“As a specialist insurer, we want to help charities understand and mitigate their risks so they can continue to operate successfully.”
To respond to these issues, Ecclesiastical is launching a cyber scenario planner for charities to help them assess and understand their cyber risks accurately.
Mr Roy concluded: “The planner is designed to help decision-makers think objectively about the risks facing them by demystifying cyber-crime. Through a self-assessment tool, it allows a charity to understand the types of threats they face and the types of attack that could take place. It then provides practical guidance on any additional controls required and how insurance cover fits in.”