The Australian Charities and Not-for-profits Commission (ACNC) has released key findings of a review into cyber security as an emerging risk for charities.

The Cyber Security Risks review identified key areas where charities could strengthen governance to minimise risks and manage a cyber incident if necessary.

ACNC Commissioner Sue Woodward AM said the threat of attack is real and the risks are significant.

‘Nearly all charities, small and large, hold sensitive personal data such as the names and other details of donors, members, volunteers, staff and the people who use their services. This information can be taken and misused if there is an attack on your systems. Cyber attacks can lead to financial losses for those you serve, as well as reputational and financial damage for your charity. It can also harm public trust and confidence in the charity sector more widely,’ Ms Woodward said.

‘Those who run charities have an obligation to ensure good governance is in place to minimise the risks, and to be prepared to act quickly and effectively if an incident did occur.

‘It is heartening that most charities that took part in this review had satisfactory cyber security governance in place. Importantly, these reviews provide deep insights into exactly how they are managing risks, highlighting effective actions and policies.’

‘We share these insights so people involved in running charities can see both effective practices and learn from where things are not being done well – it's part of our education and support for good charity governance’, Ms Woodward explained.

The review found charities achieved satisfactory cyber security governance by:

  • having robust information and data management policies and procedures in place
  • having governance that enabled and supported board members to drive strong cyber governance practices
  • promoting a strong culture of cyber security awareness to ensure the charity’s people understood common cyberthreats and best practice measures to manage them
  • drawing on the latest cyber security resources, tools and advice freely available online through various lead agencies and organisations
  • understanding risks in the charity’s unique operating environment and taking steps to actively manage them.

The review also addressed the particular risks entailed in the use of AI, or artificial intelligence.

Read the Cyber Security Risks review report summary.

Guidance on how to identify and prevent cyber risks can be found in our Governance Toolkit: Cyber security which has links to free resources provided by key agencies, including the Australian Cyber Security Centre, AICD Cyber Security Handbook for Small Business and Not-for-Profit Directors and Infoxchange IT Services.