Home > The Looming Cyber Crisis: Why 2025 Will Be Even Tougher for Charities

The Looming Cyber Crisis: Why 2025 Will Be Even Tougher for Charities

February 3, 2025

  • Cambridge
  • Member News

The charity sector, driven by compassion and a mission to serve, faces an increasingly hostile cyber landscape. While charities collect and manage sensitive data – from donor details and financial records to beneficiary information – their often-limited resources and technical expertise make them attractive targets for cybercriminals. The statistics are stark: UK charities have already experienced an estimated 924,000 cybercrimes in the past year, encompassing a wide range of attacks. And the situation is set to deteriorate further in 2025

A Sector Under Siege
Currently, 32% of UK charities have reported a cybersecurity breach or attack in the last 12 months. These attacks aren’t just a minor inconvenience; 38% of them directly impacted service delivery, with 19% leading to negative outcomes for those the charity serves. Alarmingly, despite these threats, only 26% of charities have conducted cybersecurity risk assessments in 2023, highlighting a significant gap in preparedness. This lack of proactive assessment, combined with the increasing sophistication of cyberattacks, paints a worrying picture for the future.

Why 2025 Will Be Worse?

Several converging factors point to an escalation of the cyber threat to charities in 2025:

AI-Powered Attacks: The rise of readily available AI tools will dramatically lower the barrier to entry for cybercriminals. Sophisticated phishing campaigns, malware, and even ransomware attacks will become easier to generate and deploy, making it harder for charities to defend themselves. AI can personalise attacks at scale, making them more convincing and increasing the likelihood of success.

Geopolitical Instability: Global tensions and conflicts often spill over into the cyber realm. Charities, particularly those working in sensitive areas or with international partners, may become collateral targets in state-sponsored or hacktivist attacks. Disinformation campaigns targeting a charity’s reputation could also become more prevalent.

Increased Regulatory Scrutiny: As data protection regulations tighten, the financial and reputational penalties for data breaches will increase. Charities that fail to invest in robust cybersecurity will face not only the direct costs of an attack but also potentially crippling fines and legal action. The pressure to comply, especially with limited resources, will be immense.

The Evolving Threat Landscape: Cybercriminals constantly adapt their tactics. New attack vectors emerge, and existing ones are refined. Charities must not only defend against known threats like phishing and ransomware but also anticipate and prepare for emerging threats. This requires continuous learning and investment in cybersecurity infrastructure, which many charities struggle to afford.

Economic Pressures: The ongoing economic downturn will likely exacerbate the problem. Charities are already facing funding cuts and increased demand for their services. This financial strain may force them to further reduce spending on non-essentials, including cybersecurity, making them even more vulnerable.

The Familiar Foes – Phishing, Data Breaches, and More

While new threats emerge, the familiar ones persist and evolve:
Phishing: Still the most prevalent threat, phishing attacks will become even more sophisticated with the use of AI, making them harder to detect.

Data Breaches: The sensitive data held by charities makes them prime targets. Breaches can lead to financial losses, reputational damage, and regulatory fines.

Ransomware: Ransomware attacks continue to cripple organisations, and charities are no exception. The increasing use of double extortion (stealing data before encrypting it) puts even more pressure on victims to pay the ransom.

Supply Chain Attacks: As charities rely more on third-party vendors, their supply chains become a potential weak link. Attackers can target smaller vendors to gain access to the charity’s systems.

Insider Threats: Whether malicious or accidental, insider threats remain a concern. Proper training and access controls are essential to mitigate this risk.

The Path Forward – Fortifying the Sector

Charities must take proactive steps to bolster their cybersecurity posture:
Prioritise Cybersecurity: Cybersecurity should be a strategic priority, not an afterthought. Boards and leadership teams must understand the risks and allocate adequate resources to protect their organisations.

Invest in Training: Regular cybersecurity training for all staff and volunteers is crucial. People are often the weakest link, and training can help them recognise and avoid common threats like phishing.

Implement Strong Security Measures: Multi-factor authentication, strong passwords, regular software updates, and robust backup systems are essential.

Intergence are offering a free Cyber-Breach audit, to find out more, please get in touch with Intergence at contact@intergence.com or call us on 01223 800530. We’re here to support you.