As online giving in the UK rises heading into the festive period, Hiscox is warning that cyber threats are increasing alongside donations, exposing both donors and charities to fraud risk.
The seasonal rise comes as official data continues to point to routine cyber exposure in the sector, with a UK government survey reporting that 30% of charities experienced a cyber security breach or attack in the past 12 months. That level of incidence leaves donors and charity operators facing many of the same risks that affect other organisations when giving and fundraising move online.
Nonprofits remain frequent targets for fraudsters, Hiscox said, citing its Cyber Readiness Report. The report found nonprofits faced an average of eight cyberattacks in the past year, and 49% reported financial losses linked to those incidents.
Hiscox said the impact of a cyberattack on charities can extend beyond immediate disruption, affecting operations, reputation and even solvency. Alana Muir (pictured above), head of cyber at Hiscox, said: “The festive season brings out the best in people – but unfortunately, it can also bring out cyber criminals looking to exploit that goodwill.”
Muir said charities are being targeted because some may not have the resources to support robust cyber protections. Hiscox framed the risk as a potential drag on online giving during the Christmas period.
In a recent Hiscox poll, 56% of Brits said they donated online in the past year. The poll also indicated that 39% avoid donating online due to fraud concerns, 35% worry about whether online charities are legitimate and 9% distrust online payment methods entirely.
Muir said donor hesitation is driven by concerns that money may not reach the intended recipients. She said: “That’s why transparency and secure payment processes are critical for charities, and why donors should take simple steps to protect themselves.”
Hiscox also pointed to search data it said shows which causes are attracting attention and could be mirrored by scammers. The insurer said air ambulance charities led the most-searched causes at 2,300 monthly searches, followed by mental health charities at 1,300 and breast cancer charities at 1,100.
Other leading search terms cited by Hiscox included cancer charity at 1,000, men’s mental health charity at 1,000, animal charity at 900 and prostate cancer charity at 800. Autism charity and domestic abuse charity were both listed at 600 monthly searches.
“Air ambulance, mental health and cancer charities are among the most searched this season, which shows where the public wants to help,” Muir said. She added: “But it also signals where scammers may focus their efforts. Awareness is the first line of defence.”
Hiscox pointed to reported fraud activity as another indicator of risk in the sector. It said City of London Police received 561 charity fraud crime reports last year.
Policy shifts under consideration in the UK could also change how ransomware events play out for charities and other organisations, including a potential restriction or ban on ransom payments.
For insurers indemnifying affected organisations, a government report said that “the inability to pay a ransom could increase the likelihood of more severe outcomes,” which could influence incident response planning and claim dynamics if ransomware disrupts fundraising or core services.
