As technology, internet penetration, and digitization are on the rise with the rapid emergence of the fifth generation of mobile networks, it’s fair to say that almost anyone is susceptible to cyberattacks.
Charity and non-profit organizations are no exception; with incidents including, funds being stolen, data breaches, phishing attacks, and criminals mimicking charity websites to request more donations for malicious intent, according to a report by the UK’s National Cyber Security Center (NCSC).
“Some charities are aware their data is sensitive, valuable and vulnerable to attack. However, the NCSC believe that many charities – particularly smaller ones – do not realize this and do not perceive themselves as targets,” the report said.
Organizations around the world have spent a whopping £100 billion to arm themselves against cybercriminals, while the figure mentioned will likely increase more than 10 percent during upcoming year, according to numbers by Gartner.
“The reason for this huge expenditure on cybersecurity is clear: cybercrime costs organizations more than £450 billion in damage, lost productivity, lost business, and other drains or resources every year,” according to the UK government’s Home Office Science Advisory Council.
In parallel, big organizations aren’t the only target of hackers, almost 60 percent of small and medium enterprises (SMEs) and charities cease to exist within six months of falling victim to a cyberattack, as reported by US-based National Cyber Security Alliance.
Why charities need cybersecurity
The main reason that hackers seem to target more charities and small businesses rather than big companies is primarily due to their weak security and IT system that hackers can easily work around and manipulate to their favor.
Cybersecurity breaches have increased by 11 percent since 2018 and 67 percent since 2014, according to Accenture, and naturally, lack of effective cybersecurity explained many of these breaches.
A data breach for charities could have a vast array of devastating risks that accompany it, especially from a financial perspective since loss of revenue fundraising is considered the beating heart of any non-profit; according to the AME Group 38 percent of attacks can witness revenue drops of 20 percent or more.
What’s at stake?
A well targeted cyberattack can by all means cripple a charity’s operations, since a ransomware attack can make a non-profit’s CRM system unusable, holding it back from running targeted fundraising campaigns while exploiting it for malicious benefits.
In parallel, a successful data breach can put a charity’s supporters at risk – leaked personal details such as addresses and financial information, which would subsequently lead to a loss of reputation and trust toward the non-profit entity.
In addition, the damage could have more crippling effects when productivity heavily dips in efforts to either restore the stolen data or funds, or by taking the time to assess the breach and taking the necessary steps to restore or prevent future ones. Or, if a website is taken down by an attack, getting it back up online will take some time, which is lost time.
And there’s also the painstaking task of informing supporters, doners, and shareholders of the attack that would bring a tidal wave of doubt and criticism to the charity, risking its existence if efforts to restore faith are unsuccessful.
It is important to note that the repairing costs post-cyberattack are relatively expensive, couple that with the mountain of legal fees that have to be paid, and in some cases fines issued by regulators which may need to be paid due to the breach caused by a failure to comply with regulations such as the GDPR.
And this in and of itself can lead to a charity’s closure caused by the heavy price tag it will have to pick up post-attack.
Charities and non-profits have a critical mission to provide aid and support to vulnerable members of society, which is why it’s more disheartening to know they are likely targets for cyber criminals.
This is why it is crucial for these organizations to be at the forefront of cybersecurity, not only for the work they do, but also for their possession of valuable information of donors, philanthropists and the likes that need to be protected at all costs.