What is cyber resilience
Cyber resilience is about ensuring that your organisation is prepared for a cyber attack and can continue to operate when it happens.
Cyber security is about protecting your IT systems and data to help ensure you are not a target of malicious cyber activity, reducing the risk of cyber attack.
Why is it important within third sector
Cyber resilience is just another part of overall business resilience which is about making sure that you have a plan in place to keep operating, even when things go wrong. As organisations move online, they are more vulnerable which can result in:
- loss of service
- people you work with/staff being put at risk
- financial and reputational impact
Unfortunately the third sector is not exempt, according to 2024 UK Cyber Security Breaches Survey almost one in three (32%) charities experienced some form of cyber security breach/attack in last twelve months. The good news is that taking the first steps to improving your cyber resilience is easier than you might think. There is lots of support out there to help you start to prioritise cyber risk, protect against the most common threats and ensure you are prepared to respond to cyber incidents when they inevitably occur.
What can third sector do
The Scottish Government has produced advice and guidance for voluntary sector organisations as part of their Third Sector Action Plan, which focuses on:
What are CyberScotland doing to support third sector
SCVO have appointed a Cyber Resilience Co-ordinator, who will work closely with Scottish Government through the CyberScotland partnership, to help coordinate implementation of the action plan across Scotland’s voluntary sector to support them in becoming more cyber resilient. They will be guided by a Third Sector Cyber Resilience Working Group, made up of a range of people from across the sector, who will help shape the development of the work programme to ensure it is impactful and relevant. As these themes develop this page will be updated with new initiatives and opportunities.
Upcoming events
The next Gathering will take place in-person on 4th and 5th February 2025 at the Edinburgh International Conference Centre (EICC). Save the date in your diary – we can’t wait to see you there! Organised by SCVO, the Gathering is the […]
Overall aim Cyber resilience is just another part of overall business resilience – making sure that your organisation has a plan in place to keep operating, even when things go wrong. Only 19% of UK charities have cyber incident response […]
Relevant News
The October CyberScotland Third Sector Cyber Resilience Bulletin is designed to provide you with cyber related information for the third sector covering:
•Common Threats
•Recent Incidents and Lessons Learned
•Awareness and Guidance
Overall aimStaff and volunteers are using digital systems every day. Giving them the right awareness and training to spot cyber risks and take appropriate action is key. Only 18% of UK charities have some form of cyber staff training in […]
To help support charities in addressing cyber risks, a Third Sector Cyber Resilience Working Group, made up of a range of people from across Scotland’s voluntary sector, has been established to shape and guide a programme of work aligned to Scottish Government’s Third Sector Cyber Resilience Action Plan.
Charities are using digital systems every day to deliver their services and keep in touch but with this capability comes a level of risk. Almost one in three UK charities experienced some form of cyber security breach or attack in […]
Relevant Resources
The NCSC scheme to help organisations of all sizes access consistent, high quality cyber security advice. Resource to support with Cyber Essentials readiness and certification
Read more Cyber Advisor Scheme in modal dialogThis health check will help you gain an overview of your organisation’s cyber resilience. It will help you identify the next steps you need to take to make you even more secure.
Read more Cyber Checkup in modal dialogCyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
Read more Cyber Essentials in modal dialogResource to support with Cyber Essentials readiness and certification.
Read more The Cyber Essentials Guide to Working with an External IT Company in modal dialogThe Cyber Essentials Readiness Tool helps you meet Cyber Essentials requirements. The tool includes questions related to the main Cyber Essentials criteria and provides tailored advice to prepare you for certification. This resources provides support with Cyber Essentials readiness and certification
Read more Cyber Essentials Readiness Tool in modal dialogInformation on how to legally protect personal information.
Read more Data protection in modal dialogA free, 90 minute non technical workshop which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment.
Read more Exercise in a Box workshops in modal dialogThe key types of risk that can affect your voluntary organisation and the importance of risk policy. Resource to support good governance when it comes to digital.
Read more Risk Management in modal dialogSupport to help understand and solution technical challenges
The advice in the Cyber Security: Small Charity Guide will significantly increase your protection from the most common types of cyber crime. The five topics covered in the guidance are easy to understand, and are free or cost little to implement.
Read more Small Charity Guide in modal dialogProposing a series of 12 principles, designed to help you establish effective control and oversight of your supply chain.
Read more Supply Chain Security Guidance in modal dialogResource to support good governance when it comes to digital
Available Support
- Read the CyberScotland Advice & Guidance to further understand the risk to you and your organisations
- Read our guidance on Responding To An Incident
- Scottish charities are also required to report cyber crime to OSCR via raise a concern form, as well as report an incident.
- If you are interested in becoming more cyber resilient and want to discuss this with SCVO, please contact Alison Brogan, Third Sector Cyber Resilience Co-ordinator at alison.brogan@scvo.scot