Key principles and practical guidance for charities navigating cyber attack

By Paul Collins, Head of Risk Management, Ecclesiastical Insurance Group

Ransomware is a persistent risk to the security of your data. If we’ve learned anything over the past 18 months, it is that protecting your IT infrastructure is crucial. Having a cyber policy will help avoid a loss in the event that your IT infrastructure comes under attack.

Charities carry a range of sensitive data that is considered valuable for criminals. Personal data, customer data, bank details and employee details are assets that make charities an attractive target for criminals. Cyber attacks can affect the particular charity as well as the whole charitable sector, making customers nervous about giving their personal information when donating to charities.

Owned by a charity ourselves, we at Ecclesiastical Insurance Group have over 130 years of experience and deep knowledge of the charity sector. We have built up a huge understanding of what needs to be done to prevent ransomware attacks against charities.

To help you avoid a ransomware loss, Ecclesiastical recommends three key areas in which your charity should invest:

  • Investing in your IT infrastructure
  • Investing in your training and awareness
  • Investing in transparency

Investing in your IT infrastructure

Investing in your IT infrastructure is key to preventing ransomware attacks. Anti-virus software and firewalls prevent hackers from getting in in the first instance; charities must keep these up to date in order to prepare for new, sophisticated threats which are becoming harder to detect. Backing up your IT systems at least every seven days and keeping the backup separate from your day-to-day operating systems means you will have a copy to fall back on if the worst happens.


Investing in training and awareness

Employees can be the biggest threat to your IT security, which is why investing in training your staff on what they need to look out for and what they need to be aware of is vital. When a potential threat arises, their first thought should be “this doesn’t look right, there’s something wrong here”. Cultivate the curious mind to react and think before they click a suspicious link.

Making your employees aware of the threats, and ensuring they understand how to spot a potential threat and react correctly to it, will make your organisation less likely to become a victim of a ransomware attack.

Investing in transparency

When a cyber attack happens, timing is crucial, which is why your organisation must encourage an open, transparent and blame-free culture. Your employees must feel they are able to approach you and tell you that they’ve made a mistake or clicked on something they perhaps shouldn’t have.

Stressing the importance of reporting any suspicions or potential IT threats will help avoid cyber attacks and enable the issue to be resolved more easily and much faster. If an employee sits on a potential threat because of some perceived penalty, the risk posed would be much greater, which is why investing in transparency can reap the benefits in order to be ready to react quickly.

Ensuring your policy has you covered

Having up-to-date insurance cover is critical to help you respond to a cyber attack. However, your insurance policy will have some criteria for it to be effective. Don’t wait for something to happen: read your insurance policy as soon as it comes out so you understand the terms and conditions and know what you need to comply with to ensure the policy will operate if you are targeted by a cyber attack.

For example, with cyber cover, insurers are likely to insist that you have up-to-date anti-virus software and firewalls, and that you regularly update these. Failure to comply with these requirements may render the policy inoperative. Ecclesiastical Insurance Group advises that long before anything happens you need to know about and comply with any policy conditions.

When you’ve had a cyber attack, timing is critical and it’s essential that you contact your insurer as soon as you can and advise them on what is happening. This call will trigger a series of responses and actions and will identify what resources you need including an IT consultant and legal advice.

The Data Protection Commission puts strict timelines on your response to these attacks and it is crucial that you comply with these requirements.

As insurers, Ecclesiastical Insurance is here to help you with advice on how to avoid a ransomware attack and to help you in the event that your charity becomes a victim of cyber crime.
