Webinar: Beyond Cyber Essentials for charities

  • Many charities are not taking action to manage the risk of cyber threat
  • A lack of skills and knowledge can explain this
  • There is useful guidance available to support small charities

Arunava Banerjee, cyber risk consultant at Zurich shared his insights in a webinar run with NCVO. It was set up to help charities understand cyber security and steps they should take to protect their organisations, as cyber risk becomes an increasing concern for charities.

Losing access to technology, having funds stolen or suffering a data breach through a cyber attack can be devastating, both financially and reputationally. Yet many charities do not take enough action to manage this risk.

You can watch a recording of the session below. Here’s a summary of what was covered.

Arunava said: “In 2019, the Department for Digital, Culture, Media and Sport (DCMS) reported that over 44% of charities aren’t protecting themselves from cyber attacks as they don’t see themselves as being at risk (see DCMS Cyber Security Breaches Survey 2019 (PDF). Yet according to the DCMC Cyber Security Breach Survey 2020 (PDF), this year, 26% of charities reported a cyber breach. The report also found that only 13% of charities are aware of Cyber Essentials and only 16% have heard of the small charity guide.”

Arunava produced nine questions to help you review your attitude and actions towards cyber security to help protect your organisation.

  1. Are you giving enough attention to identify cyber risks for your charity?
  2. Are you aware of all the key dependencies on your supply chain and their cyber maturity?
  3. Are you aware of HM Government’s Cyber Essential Certification?
  4. Were you aware of the free cyber insurance option with CE Certification?
  5. What are the top three systems which can be considered as your crown jewels?
  6. Are your users aware of what to do if they send an email with sensitive information to a wrong recipient by mistake?
  7. How many members of your supply chain have Cyber Essentials or similar cyber certification?
  8. Do you know whom to get in touch with if tomorrow you face a ransomware attack?
  9. Is cyber high priority for your senior management / trustees?

In the webinar, Arunava considers each of the questions and provides information about how you can mitigate cyber risks.

Further reading