How does your charity compare to peers when it comes to cyber risk?
As fundraising increasingly moves online, charities are under pressure to strengthen their digital assets, whether those are public-facing websites or internal systems. Particularly in light of legislation such as the GDPR, data on patrons, donors, employees and partners must be kept secure at all times. What’s more, charitable organisations need to be aware of the cyber risk present in the relationships they have with other charities, companies and individuals.
Of course, perfection in digital security is an unachievable goal because the risk landscape is constantly changing, and the systems you run will also vary over time. And while security technology naturally plays an important role in managing cyber risk, it’s not the only thing you need to consider. Equally important are the risk management processes you have in place and the people who manage them.
Many charities today are a little different from businesses in terms of the sophistication of their internal systems and external web presence. To keep doing good work and maintain vital income streams, charities must compete for the attention of potential patrons and donors. That typically means investing in technology to manage both internal administration and external fundraising, and charities often also work with multiple suppliers and partners. Especially where systems are open to the outside world, data must be secured against the threat of accidental or deliberate breaches. At the same time, core administrative systems must always be available to support the charity’s work.
Guided by the principle that you can only manage what you can measure, Northdoor and RiskXchange have jointly created a report on the readiness of the UK charity sector to mitigate cyber risk. Generated using freely available, open-source data fed into the RiskXchange Cyber Risk Rating Platform, our assessment gives charities like yours a way to benchmark themselves against their peers regarding their cyber-security stance.
Could do better…
The RiskXchange Cyber Risk Rating is scored on a scale of 300 to 900; the higher the score, the less likely an organisation is to be hit by a successful data breach in the next 12 months.
By sampling 200 UK charities of all types and sizes, we calculated a weighted average Cyber Risk Rating of 700 for the sector. While the top score was an impressive 867, five different organisations brought up the rear with a measly 513, indicating a medium risk of a security breach.
Hotspots for poor performance in cyber security were seen in application security, email/DNS, network security, and SSL/TLS. For example, not one charity achieved a grade of A or B for application security. With mobile applications becoming ever more popular, the sector clearly needs to up its game. A major breach could expose donors to financial loss, with enormous reputational damage to the charity concerned.
Seven pointers
Our report does not only highlight shortcomings; it also provides seven key recommendations to help you improve both risk management and data protection. Take the first step towards a more secure future by reading the report today, then discover your own organisation’s level of exposure to cyber risk.