Celebrating Our Gold Membership with Maggies Business Champions: A Call for Cyber Resilience in the Charity Sector

We are incredibly proud to announce that Collective Security has been made ‘Gold Members’ of Maggies Business Champions! We recently received our certificate at their summer business champions event, a truly special occasion that highlighted the incredible work Maggies does. This partnership is particularly meaningful to us as Maggies, and especially Maggies Nottingham, provides invaluable support to cancer sufferers, their families, and friends – a cause that resonates deeply with our team. Being part of this network not only allows us to engage with other Nottingham businesses but also provides a vital avenue to support a charity that has been a significant source of strength for us.

As we celebrate this milestone and our commitment to Maggies, it also brings into focus a critical area where charities, much like any other organisation, face significant challenges: cyber security.

The Growing Cyber Threat to Charities

While charities are dedicated to noble causes, they are unfortunately not immune to cyber threats. In fact, their reliance on digital services for fundraising, managing sensitive donor and beneficiary data, and delivering services makes them attractive targets for cyber criminals.

Recent statistics from the UK’s Cyber Security Breaches Survey 2025 highlight this vulnerability:

• Approximately 30% of UK charities reported experiencing a cyber security breach or attack in the last 12 months, equating to around 61,000 organisations This figure can be even higher for larger charities.
• Phishing attacks remain the most common threat, affecting a vast majority of charities that experienced a breach.
• Breaches can lead to significant disruptions, financial losses (averaging around £3240-8690  per disruptive breach, though some can cost much more), and irreparable reputational damage.

• Alarmingly, UK charities have experienced approximately 453,000 cyber-crimes of all types in the last 12 months

Charities handle sensitive information, including personal data, financial records, and beneficiary details. A data breach not only risks violating regulations like GDPR but also erodes the trust of donors and the wider community.

Protecting a charity from cyber threats doesn’t require an extensive budget but rather a proactive approach and a focus on fundamental cyber hygiene. Here are some key functional advice points:

1. Staff Training and Awareness: Phishing is rampant. Regular training for all staff and volunteers on how to recognise suspicious emails, links, and imposter attempts is paramount. Emphasise the importance of reporting suspicious activities promptly.
2. Strong Password Policies and Multi-Factor Authentication (MFA): Enforce the use of strong, unique passwords and implement MFA for all online services, especially for accessing sensitive data and accounts. This adds a crucial layer of security.
3. Regular Software Updates: Keep all operating systems, applications, and antivirus software updated. Cyber criminals often exploit known vulnerabilities in outdated software. Enable automatic updates where feasible.
4. Data Backup Strategy: Regularly back up critical data securely, preferably offline or in encrypted cloud storage. This ensures business continuity in case of a ransomware attack or data loss. (Source: Protect your charity from cyber crime – GOV.UK)
5. Access Control: Limit access to sensitive data and systems to only those who need it for their roles. Implement the principle of least privilege.
6. Incident Response Plan: Develop a clear plan for what to do if a cyber attack occurs. This should include steps for isolating affected systems, notifying stakeholders, and seeking expert assistance.