A new report by the Charity Commission has highlighted the scale and pervasiveness of cyber attacks on charities. As should be obvious by now, the random nature of most cyber crime means that being a charity of any type or size is not a defence or likely to limit your risk.
Although almost all Boards recognise cyber as a major risk it can be tempting to file it under the 'too difficult to understand' or 'S.E.P.' (someone else's problem). That someone might be your ISP or your outsourced IT provider, but as a board and executive it is your responsibility to make sure you have checked and understood what protections are in place and tried to judge whether they are adequate.
Also, no protective systems can fully mitigate against human folly so making sure your colleagues are fully trained and cautious about phishing emails or other suspicious activities is absolutely vital. If you have volunteers which have network or systems access this need is even more acute.
I spoke to a high profile charity yesterday that was surprisingly calm about the threat because they had 'cyber insurance' as if having building insurance means your home is less likely to burn down. If you have to trigger your cyber insurance policy (assuming it will pay out for your circumstances) then the reputational damage and potential outright harm to your beneficiaries has already been done.
If you are a board member with responsibilities in digital or cyber get external and independent advice and test your organisation's resilience to try and inoculate yourself from the dangers as much as possible.
The report predicts that one in six large charities will be victim to cybercrime in the next two years. It emphasises that many charities will fall victim to cyberattacks without ever realising.