top of page

Survey reveals 23% of charities deal with cyber attacks on a weekly basis

The Cyber Security Breaches Survey 2021, published by the Department for Digital, Culture, Media and Sport, found that 26% of the almost 500 voluntary sector organisations surveyed had reported such activity over the previous year.

  • The report suggests the cyber risk to charities has increased during the pandemic (19% reported breaches in 2018).

  • Just 32% of charities have completed a cyber risk assessment and only 18% of charities have trained staff in cyber security.

The report showed that 39% of charities said they had suffered cyber security breaches or attacks in 2020 – the number rising to 51% among charities with annual incomes of £500,000 or more.

In the last 12 months, the pandemic has seen more staff than ever working from home. And this is no different for charities with 67% of staff using personal devices for work, the survey found just 20% have a VPN when remote working.

With resources stretched in adapting to the conditions faced in the pandemic, fewer charities report having up-to-date malware protection (69%), network firewalls (57%) and just 32% of charities have completed a cyber risk assessment.

The most common type of cyber attack for charities was phishing (79%), phishing involves attackers trying to con recipients into giving away personal details or passwords through emails and text messages.

The government is continuing to encouraging charities to follow the free help and guidance from the UK cyber security experts at the National Cyber Security Centre (NCSC). This includes advice with their Small Charity Guide and advice on erasing data from donated devices. This week the CRC has updated our guidance specifically to help charities boost their cyber resilience.

We recommend:

How can charities improve their cyber resilience? Make your staff aware of the latest cyber security threats, via our free core membership which shares the latest guidance, news and security updates that have been tailored for businesses and charities who are based in the West Midlands. Our Business Enhanced Membership could also support your charity for a 12 month period also includes Cyber Awareness Training for 5 staff members (if you have a bigger team, our Business Premium Membership offers a bespoke cyber security training program to be created and tailored to your charity or organisation). Just 23% of charities have a cyber security policy, by signing up for a membership with the Cyber Resilience Centre for the West Midlands we will provide you with cyber security policies & procedure templates. These policies will help you understand the processes you have in place to protect your company, staff, your data and your assets. Your staff must be educated regularly in the changing cybersecurity landscape, the CSBS survey highlighted that just 18% of charities said they had trained staff on cyber security. Unprepared staff are at a heightened risk of being caught unaware when working from home, returning to the office or when starting a new job. Ready to prepare your staff with security awareness training? Contact us today to learn more.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page