Charity Newsletter

Are you managing your cyber risks?

These days, cyber risk should be high on the third sector’s risk management agenda, as cyber-criminals target charity organisations with increasing frequency.

V irtually every charity and not- for-profit organisation, even non-governmental and non- profit-making ones, operates electronically to some extent in order to perform its key services. This can be anything from a website or online profile or using third-party software to manage back- office requirements such as accounts and payroll. In this article we look at the different types of cyber risks affecting the care sector and what to do about them.

Types of cyber risk When it comes to cyber risks we aren’t just talking about the more obvious hacking incidents – exposure to such risks can also arise from employee and software errors. Since the implementation of GDPR back in 2018, breaches which result in personal details ending up in the wrong hands are now considered major incidents and can see organisations facing fines of up to £17.5 million or 4% of their annual turnover, whichever is greater. Civil claims can also be brought by each of those affected. Digital data therefore comes with increasing legal and reputational risk.

Managing cyber risks Cyber security services, including data risk analysis, data masking (which is the process of hiding classified data with modified content) and vulnerability discovery (the process of researching a piece of software or hardware to evaluate the presence of vulnerabilities), is a fast-growing sector and a trend which is expected to continue and accelerate over the next few years. Cyber security professionals can help organisations with some preventative measures, such as vulnerability discovery and data masking, to help mitigate risks. But whether or not you choose to use them the key point to remember is that third sector organisations should protect their communications and data in the same way that they protect the security of their buildings and property assets.

Cyber risk can be grouped broadly into the following categories:

Of course, some cyber risks are simply not preventable and are fuelled by our dependency on IT, GDPR legislation, and a compensation culture around privacy. Specialist cyber insurance policies can offer policyholders a combination of incident management and access to legal and PR experts, as well as cover for costs such as those caused by business interruption or data issues. An effective insurance policy will help charities and not-for-profit organisations to respond to cyber incidents and boost the confidence of the other parties they provide services for. If you need any help and advice around cyber insurance for your organisation, please email hello@scruttonbland.co.uk or just pick up the phone and call 0330 058 6559 to discuss your needs with our charity and third sector specialists. We already look after the insurance needs of 1000 charities and would be happy to advise you on your requirements.

–  Operational cyber risk - The risk to business continuity if organisations are denied their electronic systems. –  Financial cyber crime - Committed by hacking/spoofing communications, such as fund transfer requests and interfering with website payment links. – Data risk - The risk associated with the increasing amount of data that organisations are holding and transferring. A significant part of information cyber risk relates to the growing legal regulations and sanctions associated with data.

6 | SCRUTTON BLAND | C H A R I T Y

CHARITY | SCRUTTON B L A N D | 7

Made with FlippingBook Learn more on our blog