Discover your certification today Browse
Open page navigation
Cyber Security

Cyber Security in the Charity sector and the need for best practice

The reality

Charities often support the most vulnerable members of our society, they change lives and enable disadvantaged people to achieve extraordinary feats. Sadly, the charities themselves, are often underfunded and understaffed,  leaving them naturally under-protected from Cyber Attacks. A combination of factors has led to them becoming one of the highest breached sectors out there.

The threat of Cyber Breaches is so prominent for charities that in March, 2018, the National Cyber Security Centre published a Charity specific guidance for protection against cyber attacks in response to alarming Figures published in the 2018 government breaches survey. The survey highlighted that 73% of charities with income of over £5m had fallen victim to a cyber attack within the last year.

Cyber attacks will always evolve at an alarming rate; new malware, new social engineering methods, and new loopholes in IT security to exploit. This will never change. However, it is the responsibility for organisations to make sure they are evolving themselves, using best practice to keep up to date with the evolving threats and being aware and confident that they have the necessary precautions in place if an attacker attempts to gain access.

How to protect your charity

Protection from a Cyber Attack is never guaranteed, and bespoke or targeted attacks can be very difficult for a small organisation to protect themselves against. The most any organisation can do is mitigate as many attacks as possible, and that’s where Cyber Essentials comes in, as on average, it mitigates 80% of cyber attacks.

For organisations that have never thought about Cyber Security, they should always begin with Cyber Essentials. It was designed for exactly this reason, it’s a critical list of precautions that every organisation should implement to protect themselves against the majority of attacks. It’s the foundations on which to build the rest of your security action plan. 

Where to start

  1. First, assess your own controls and processes and benchmark them against the Cyber Essentials scheme requirements
    This will give you a clear perspective about the scope of Cyber Essentials in comparison with your organisation and, obviously, read the NCSC specific guide on Charities.
  2. Implement the controls into your organisations processes and procedures that you do not already meet.
    A stitch in time, saves nine. There is nothing complicated about the Cyber Essentials controls, it's ensuring you're doing the necessary things right now to avoid the worst happening in the future.
  3. Use APMG to get your application completed and submitted.
    A certification speaks louder than words. Using our unique assessment portal will allow you to complete your application online, start to finish. If you do happen to struggle, we are here to support you. Typical applications are 2-3 days from registration to certification.

A special offer to charities

To encourage Cyber Essentials uptake in the Charity sector, APMG is offering a unique discount for all UK registered charities. If you work for a registered Charity and would like to receive a discount, click below to contact our team with your registered charity number, and they will send the voucher to you.

Just insert this voucher when you pay through our portal and it will be automatically discounted.

Request your Code  



Large pile of timber logs perfectly stacked

ISO/IEC 27001

Demonstrate exemplary management of information security

View more

Cyber Essentials

Stand out as Certified. Official confirmation that your organisation takes your clients data seriously. The UK Government endorsed Cyber Essentials scheme

View more

CDCAT® - Cyber Defence Capability Assessment Tool

Unrivalled intelligence and agility

View more