top of page
  • Writer's pictureJared Thompson

26% of Charities identified Cyber Attacks last year

Figures from the Department for Digital, Culture, Media and Sport report showed that 26% (down from 19% in 2018) of voluntary sector organisations had a cyber-breach or attack in 2021.

The Cyber Security Breaches Survey 2021, published by the Department for Digital, Culture, Media and Sport, found that 26% of the almost 500 voluntary sector organisations surveyed had reported such activity over the previous year.

26% of Charities identified Cyber Attacks last year

The report showed that 39% of charities said they had suffered cyber security breaches or attacks in 2020, rising to 51% among charities with annual incomes of £500,000 or more.

Of those charities that had suffered attacks, 23% said they had to deal with attacks on a weekly basis.

In the last 12 months, the pandemic has seen more staff than ever working from home. And this is no different for charities with 67% of staff using personal devices for work; the survey found just 20% have a VPN when remote working.

With resources stretched in adapting to the conditions faced in the pandemic, fewer charities report having up-to-date malware protection (69%), network firewalls (57%) and just 32% of charities have completed a cyber risk assessment.

Talk to us about our Cyber Risk Exposure Assessment; it's closely linked to an industry-standard framework and methodology and assesses risks over three fundamental categories; Basic Controls, Foundational Controls, and Organisational Controls.

The most common type of cyber attack for charities was phishing (79%), phishing involves attackers trying to con recipients into giving away personal details or passwords through emails and text messages.

The government encourages charities to follow the free help and guidance from the UK cyber security experts at the National Cyber Security Centre (NCSC). This includes advice with their Small Charity Guide and advice on erasing data from donated devices. This week the CRC has updated our guidance specifically to help charities boost their cyber resilience.

We recommend:

How can charities improve their cyber resilience?

Make your staff aware of the latest cyber security threats, we offer charities the chance to join us for monthly webinars. Your charity can also encourage your staff to sign up for our free membership, which shares the latest guidance, news and security updates tailored for businesses and charities based in Greater Manchester and the North West.

Our Business Enhanced Membership could also support your charity for a 12-month period also includes Cyber Awareness Training for 15 staff members

Just 23% of charities have a cyber security policy, by signing up for a membership with the Cyber Resilience Centre, we will provide you with cyber security policies & procedure templates. These policies will help you understand the processes in place to protect your company, staff, data and assets.

Your staff must be educated regularly in the changing cybersecurity landscape, the CSBS survey highlighted that just 18% of charities said they had trained staff on cyber security. Unprepared staff are at a heightened risk of being unaware when working from home, returning to the office or starting a new job.

Ready to prepare your staff with security awareness training? Contact us today to learn more.


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page