top of page

Why should I spend the time and money of my charity on achieving cyber essentials?

Charities are a key target of cyber criminals due to the valuable information they hold - beneficiaries, volunteers, supporters as well as payment details.

Cyber criminals will happily count themselves as needy individuals when they steal data, encrypt your files, and then blackmail you for the decryption key. They don’t care about the others that you can’t support; they want your money for themselves.

But we’re a charity – they won’t target us

Unfortunately, most cyber criminals do not pick one target and concentrate on them. Technology now allows them to search huge numbers of websites for vulnerabilities or send thousands of phishing emails in the hopes of finding just one website they can exploit or one people clicking on that phishing link. And they do not have to be very technical astute, criminals can now buy kits and services from other criminals.

So how can Cyber Essentials help?

Cyber Essentials is a simple and effective Government-backed scheme, supported by industry experts and the Cyber Resilience Centre Network, that will help you put measures in place to protect your organisation, against a range of the most common cyber-attacks. This includes protecting against threats such as malware, ransomware and phishing.

Imagine if your charity had its database stolen because you had a weak password such as mycharity1 which had been previously released in a data breach.

How do you think your supporters and trustees would view the attack?

Too sophisticated to stop or negligence on the charities side?

Telling a victim about the theft of their data when you can say “we did all we could” is a very different conversation to “well, we didn’t have time to implement 2FA”.

By achieving cyber essentials, you will be able to reassure your customers and trustees that you have recognised the threat, risks and have taken proactive steps to minimise the impact.

If you have a turnover under £20m and achieve either the basic level of Cyber Essentials or the IASME Standard, then you are entitled to Cyber Liability Insurance. You can find out more about the insurance cover provided here.

Ok, you have convinced me, where should I start?

  • Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses different parts of your organisation’s security. Advice and guidance is available specifically for those in the charity sector and a step by step action plan is tailored to your requirements based on your answers to the questions. You will receive specific help in the areas that you need to address to achieve Cyber Essentials.

  • Tell us when you are ready and we can refer you to one of our Trusted Partners, who are cyber essentials accreditors in the East of England. They can accredit your work or provide help if required.


The ECRC is looking at helping charities obtain Cyber Essentials through external funding and training. If your charity would like to be considered in this pilot please contact us and let us know.

Further guidance & support

You can contact the Cyber Resilience Centre for guidance and support through our e-mail or use our online booking system to make an appointment with one of our team.

Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page