Data protection



A quarter of charities reported having cyber security breaches or attacks in the twelve months to January 2020

Cyber attacks


Cyber-attacks are unfortunately an ever increasing threat to the charity sector and have been cited as one of the ways fraud has been perpetrated against charities during the pandemic.

Even before the pandemic, a report by DCMS into cyber-attacks found that a quarter of charities reported having cyber security breaches or attacks in the twelve months to January 2020. Amongst high-income charities, this increased to 57%. The report also found that there is now greater Board engagement with cyber security and more charities are carrying out cyber security risk assessments than in 2018, when the study was last published.

At the beginning of 2020, housing charity Red Kite Community Housing revealed that it had lost nearly £1 million as a victim of a sophisticated cyber-crime. On a statement on their website, Red Kite said they were specifically targeted as a charitable organisation. The criminal had mimicked the domain name and email address of known contacts providing services to Red Kite, and due to human error, the change in account details was not verified according to procedures in place. In a statement, Red Kite noted that there is always a risk of human error and so it is important to have an open conversation in the sector, so others reflect on their systems and staff training.

Online harms – proposed new regulatory framework

In December the Government published a full response to the Online Harms White Paper Consultation. Following publication of the response, an Online Safety Bill will be brought forward when parliamentary time can be found. Charities are included in the scope of the legislation, which will require companies to move quickly to remove any harmful content encountered online.

The laws will apply to all companies that host user generated content, or allow UK users to talk to other people online. The legislation will set out categories of harmful material and in particular, what material children must be protected from. Ofcom will be appointed as the new online harms regulator.