Cyber threats are real

The Australian Charities and Not-for-profits Commission has released key findings of a review into cyber-security and its associated risks for charities.

The review identified key areas where charities could strengthen governance to minimise risks and manage a cyber incident.

ACNC commissioner Sue Woodward said that the threat of attack is real, and the risks are significant.

She added: ‘Nearly all charities, small and large, hold sensitive personal data such as the names and other details of donors, members, volunteers, staff, and the people who use their services. This information can be taken and misused if there is an attack on […] systems.

‘Cyber attacks can lead to financial losses for those [the charities] serve as well as reputational and financial damage […]. It can also harm public trust and confidence in the charity sector more widely.’

Charities are obliged to ensure good governance minimises risks. They must also be prepared to act quickly and effectively if incidents occur, she said.

‘It is heartening that most charities that took part in this review had satisfactory cyber-security governance in place. Importantly, these reviews provide deep insights into exactly how they are managing risks, highlighting effective actions and policies,’ said Ms Woodward.

‘We share these insights so people involved in running charities can see both effective practices and learn from where things are not being done well – it's part of our education and support for good charity governance.’

The review found charities achieved satisfactory cyber-security governance by:

  • Having robust information and data-management policies and procedures
  • Having governance that enabled and supported board members to drive strong cyber-governance practices
  • Promoting a strong culture of cyber-security awareness to ensure the charity’s people understood common cyber-threats and best-practice measures to manage them
  • Drawing on the latest cyber-security resources, tools, and advice freely available online through various lead agencies and organisations, and
  • Understanding risks in each charity’s unique operating environment and taking steps to manage them.

The review also addressed the particular risks entailed in using artificial intelligence.




General Advice Warning
The information provided in this article is for general information purposes only and is not intended to and does not constitute formal taxation, financial or accounting advice. McConachie Stedman does not give any guarantee, warranty or make any representation that the information is fit for a particular purpose. As such, you should not make any investment or other financial decision in reliance upon the information set out in this correspondence and should seek professional advice on the financial, legal and taxation implications before making any such decisions.