Cyber for Small Charities – A Short Guide

9 April 2026

Large charities often have dedicated IT support or third parties managing their networks. Smaller charities may not, so it can be hard to know what your risks are, or where to start. This short guide explains the key exposures to look for and a few simple steps to reduce the chance of a successful cyber attack or fraud.

Identifying exposures

Your cyber risk mostly depends on what data you hold and how much impact a breach or attack could cause (financially or to your reputation). Consider the following:

• Do you hold sensitive data, or information that could infer it, such as ethnicity, health details, or political or religious beliefs?
• How do you store data – e.g. in databases, offline backups, on a network drive?
• How do you control payments – e.g. paying suppliers, receiving donations, paying grants, or trading income?
• Do you use a business email account?

Most cyber criminals are looking to defraud the charity in some way.

A common threat is business email compromise (BEC), where someone gains access to an email account and uses it to defraud the charity or gain access to information.

Attackers may get in by guessing passwords, exploiting weak security, or persuading a user to hand over access. Once inside, they can wait for a opportune moment to redirect payments, change bank details, fake invoices, or access personal data.

Managing the risk

Simple steps such as these can greatly reduce the risk of email compromise and payment fraud:

• Turn on multi-factor authentication (MFA) for email and any systems that store charity data. Passwords can be guessed, reused, or stolen; MFA adds multiple layers of security.
• Add a verification step for payments. Always confirm bank-detail changes or new payees using a second method (for example, call a known number). For larger payments, get verbal confirmation and a second approval before sending.

To learn more about cyber risk and how cyber insurance works feel free to get in touch with our team or join one of our regular webinars. We’d also point you in the direction of NCSC resources such as their small charity guide.

This blog was updated on 9 April 2026.