Cyber Security Risks highlights best practice

Cyber-security is an emerging challenge for charities, a new ACNC review has found.

Cyber Security Risks identified key areas where charities could strengthen governance to minimise risks and manage a cyber incident if necessary.

ACNC commissioner Sue Woodward said that the threat of attack was real, and the risks were significant.

She said: ‘Nearly all charities, small and large, hold sensitive personal data such as the names and other details of donors, members, volunteers, staff, and the people who use their services. This information can be taken and misused if there is an attack on [NFPs’] systems.

‘Cyber attacks can lead to financial losses for those you serve, as well as reputational and financial damage for your charity. It can also harm public trust and confidence in the charity sector.

‘Those who run charities have an obligation to ensure good governance is in place to minimise the risks, and to be prepared to act quickly and effectively if an incident did occur.’

The review found charities achieved satisfactory cyber security by:

  • Having robust information and data-management policies and procedures
  • Having governance that enabled and supported board members to drive strong cyber-governance practices
  • Promoting a strong culture of cyber-security awareness to ensure that the charity’s people understood common cyberthreats and best-practice measures to manage them
  • Drawing on the latest cyber-security resources, tools, and advice freely available online through various lead agencies and organisations, and
  • Understanding risks in the charity’s unique operating environment and taking steps to manage them.

The review also addressed specific risks entailed in using AI.


