The current cyber threat to the voluntary sector in the UK remains significant, with a diverse range of threats facing these organisations. Recent reports indicate that approximately 14% of UK charities have experienced cybercrime in the past year, with the most common threat being phishing attacks (GOV.UK). These attacks often exploit human error, such as clicking on malicious links or using weak passwords, which continue to be a major vulnerability. Larger charities, particularly those with higher income levels, are more likely to face such threats due to their more extensive digital infrastructure and data holdings.
A major challenge for the voluntary sector is the varying levels of cyber security preparedness. While some high-income charities have formal cyber security strategies and incident response plans in place, many smaller organisations rely heavily on external contractors or digital service providers for their cyber security needs. This reliance often stems from a lack of in-house expertise, resources, or a dedicated cyber security budget. As a result, these organisations may not be fully equipped to handle sophisticated cyber threats like ransomware or distributed denial of service (DDoS) attacks.
Moreover, there is a noted gap in awareness and adoption of government-endorsed cybersecurity standards among charities. Awareness of frameworks such as the National Cyber Security Centre’s (NCSC) Board Toolkit and the Cyber Essentials scheme remains low, particularly among smaller organisations. This lack of engagement with recognised cyber security practices further exposes the sector to potential attacks.
The increasing reliance on digital tools and platforms in the voluntary sector, accelerated by the COVID-19 pandemic, has expanded the attack surface for cybercriminals. The adoption of advanced technologies like artificial intelligence (AI) and machine learning (ML) is being considered to bolster defences, particularly for threat detection, automated incident response, and phishing prevention. These technologies could play a crucial role in helping charities and voluntary organisations detect and respond to threats more proactively, potentially reducing the impact of cyber incidents.
Case Study: Blackbaud Data Breach 2020
The Blackbaud data breach in 2020 underscored the critical importance of cyber security in the public sector.
Over 100 educational, charitable, and third-sector organisations, including several UK universities and the National Trust, were affected when cybercriminals breached the systems of Blackbaud, a company providing fundraising and administration software. The hackers demanded and received a ransom to delete stolen data, which included sensitive information about volunteers and supporters. Blackbaud’s delayed disclosure of the breach left many individuals vulnerable to further attacks. The incident highlights the need for robust cybersecurity measures and timely communication to protect public trust and data integrity (KP|Law).
Cyber Security Solutions for the Voluntary Sector
To address the dynamic and evolving cyber threat landscape in the voluntary sector, several strategic solutions can be adopted to enhance cybersecurity resilience. Here are some key solutions:
- Implement Comprehensive Cybersecurity Strategies: Organisations should adopt strategies covering risk management, technical controls, training, and governance to tackle cyber risks.
- Enhance Awareness and Training: Regular cybersecurity training is essential to prevent human errors like phishing and weak password practices.
- Adopt Advanced Technologies: AI and machine learning can improve threat detection and automate incident responses, enhancing proactive security.
- Utilise Government Guidance and Accreditations: Following government frameworks like Cyber Essentials helps organisations maintain basic cybersecurity standards.
- Develop and Test Incident Response Plans: Incident response plans and regular testing ensure quick action and reduce the damage caused by cyber incidents.
- Engage with Cybersecurity Experts: Voluntary organisations should seek external cybersecurity expertise for assessments, monitoring, and improving their overall security.
- Strengthen Regulatory Compliance and Reporting: Complying with regulations and reporting breaches supports legal adherence and strengthens resilience.
- Adopt a Layered Defence Approach: Implementing a multi-layered defence combining technical and procedural controls helps guard against various cyber threats.
Protecting the Voluntary Sector From Dynamic Cyber Threats
The voluntary sector must continue to enhance its cyber resilience through better awareness, training, and adoption of comprehensive cyber security strategies to safeguard sensitive data and maintain public trust. Enhanced collaboration with government bodies, such as the NCSC, and investment in advanced cyber security technologies could be pivotal in addressing these evolving cyber threats.
The Blackbaud Case Study serves as a reminder of the severity of the cyber threats facing the voluntary sector. Join us at the Public Sector Cyber Security Conference to hear from the National Trust (Europe’s largest conservation charity) as well as the NCSC, and more. Please find out more below.
Discover our Public Sector Cyber Security Conference
The Voluntary Sector in a Dynamic Cyber Threat Landscape
Henrik Kiertzner, Head of IT Operations (Cyber and Infrastructure), National Trust
Join us at The Public Sector Cyber Security Conference 2025 to receive the latest updates on the threat landscape. Discover the strategies and tactics required to successfully defend your organisation against attacks. Share experiences with your peers around the UK. Find the partners and solution providers you need to meet your challenges and stay secure.
Sources:
Cyber Security Breaches Survey 2024 – GOV.UK
Provides an overview of cybersecurity strategies and their adoption in the UK charity sector, highlighting key challenges and recommendations (GOV.UK).
Cyber Threats Facing the Public Sector in 2024 | Littlefish Insights
Discusses the role of AI, machine learning, and layered defence in mitigating cyber threats for the public and voluntary sectors (Littlefish).
Cybersecurity in the UK – House of Commons Library
Covers UK cybersecurity policies, regulations, and the importance of compliance and incident reporting (House of Commons Library).