Alert for charities – cyber crime and how to report to the Charity Commission
This alert provides information and advice to charity trustees about cyber crime and how to report it.
Cyber crime has a number of definitions but will usually involve attacks on, or through, computer systems and networks. It often includes theft of data or disruption of systems to enable further crime.
Dependant on the nature of these crimes, trustees, staff, volunteers and beneficiaries of charities may be adversely affected. Negative publicity could also impact on public trust and confidence in not only the charity affected, but the sector as a whole.
The government Cyber Security Breaches Survey 2019 revealed that over two thirds of high income charities had recorded a cyber breach or attack in 2018. Of those charities affected, the vast majority (over 80%) had experienced a phishing attack, which are fraudulent emails.
With the cost of a breach ranging from £300 to £100,000, charity managers cannot afford to ignore the growing threat posed by cyber crime, in all its forms.
The good news is that advice and guidance is widely available to help you take the right steps to protect your charity.
How you can protect your charity
All charities should be vigilant to the threat of cyber crime and make sure appropriate defences are in place, including raising awareness with their staff and volunteers.
The National Cyber Security Centre (NCSC) have produced a useful guide on how to protect from cyber crimes, it also explains how charities can become accredited under the government Cyber Essentials Scheme.
For larger charities, detailed advice for trustee boards on improving cyber security is available in the NCSC’s new Boards Toolkit.
HM Government also provides timely advice and guidance through its Cyber Aware website.
How to report cyber crime and fraud
If your charity has fallen victim to cyber crime, or any other type of fraud, you should report it to Action Fraud by calling 0300 123 2040, or by visiting the Action Fraud website.
Charities should also report fraud to the Charity Commission as a serious incident.
We require prompt, full and frank reporting of incidents. Serious incident reporting helps us to assess the volume and impact of incidents within charities, and to understand the risks facing the sector as a whole.
Where appropriate, we can also provide timely advice and guidance, either to assist individual charities and get them back on track, or to warn the wider sector about prevalent threats.
The Charity Commission, the independent regulator of charities in England and Wales, is issuing this alert to charities as regulatory advice under section 15(2) of the Charities Act 2011.
Latest News from
New Charity Inquiry: Sree Bharathalaya26/06/2019 12:20:00
Repeated failings and discrepancies prompt second inquiry.
Charity regulator issues formal warning to trustees of grant-making charity21/06/2019 09:20:00
Second inquiry into charity finds repeated failings by its trustees.
Charity chief executive ‘acted in self-interest’ finds regulator17/06/2019 09:20:00
Busoga Association (UK)’s chief executive acted without trustee oversight, with funds unaccounted for, finds Charity Commission
Charity Commission disqualifies trustee from Rigpa Fellowship14/06/2019 09:20:00
Trustee failed to protect people who came into contact with the charity.
Charity Commission reports on inquiry into Oxfam GB: “No charity is more important than the people it serves or the mission it pursues”12/06/2019 09:20:00
Regulator finds culture of "tolerating poor behaviour" at Oxfam GB and concludes charity “failed to meet promises made”
Charity SORP must change to meet “new public expectations”, review panel says07/06/2019 10:05:00
The SORP governance review panel says charity reporting and accounting must be refocussed with the views and needs of the users of charity reports and accounts at its centre
“No evidence of charitable activity” by mismanaged Gaza aid charity, according to critical report07/06/2019 08:20:00
Charity Commission investigation report concludes former trustees of Viva Palestina are responsible for mismanagement and / or misconduct.
New Charity Inquiry: Devon Charitable Trust06/06/2019 09:20:00
Regulator freezes charity accounts following concerns over unexplained transactions.