The fantastic Charity Digital Skills Report 2018 has been released. With over 500 charity professionals surveyed, the report provides great insight into the progress that has been made in some areas of digital change within sector. We’ve been through the report and picked out some quotes to discuss in relation to risk management and insurance…
31% of respondents are using digital but don’t have a strategic approach and only 9% of respondents feel that everyone in their organisation understands their digital vision
It’s fantastic news that the number of charities using digital without a strategic approach is down from 35% last year. However, if charities are employing digital tools without planning how to tie them into their strategy, this might imply a lack of understanding of the tools or gaps in knowledge across the whole organisation; a situation that may increase the risk of cyber or data protection issues arising. Similarly, if your employees, volunteers and leaders don’t understand the digital vision, it can be hard to manage digital tools correctly; it can seem tempting to ‘roll out’ new systems without appropriate analysis, assessment and training – a significant risk.
58% of respondents see funding as their biggest obstacle
If funding is an issue when investing in digital, some charities may feel the need to choose the cheapest option, to go for lower level of service or security or to use free tools for tasks beyond what they were designed for. Again, the concern here is that inadequate analysis, assessment and training may lead to inappropriate systems being employed, with an increased risk of cyber or data protection issues arising as a result.
45% of respondents said they need to sort out infrastructure and processes (e.g. data protection)
This figure is both positive and negative… It’s positive in that respondents clearly know that they need to sort this out. It’s negative in that most charities are already handling significant volumes of personal data and if their infrastructure and processes aren’t up to scratch then there may be an increased risk of cyber security issues or data breaches.
62% of respondents are rating themselves ‘fair-to-low’ with using, managing and analysing data
Though there was a reduction of 2% since last year, there is still a significant risk of data being lost or kept insecurely if staff or volunteers do not possess the skills to correctly capture, manage, store and process data. A lack of skills in this key area can lead to the potential for a data breach. Which brings us nicely on to GDPR…
Only 14% of charities are ready for GDPR, with an addition 64% estimating they’ll be ready in time
Time is ticking away on this one… GDPR is coming and it’s important that the 64% who are currently preparing ensure they stick to their timescale; the 18% who are just getting started probably need to pick up the pace; the 5% who haven’t started working on it yet are far behind the curve and should start now.
It’s not all doom-and-gloom… How can you reduce risk during the digital revolution?
Personal data is both a valuable resource and a risk that requires careful consideration. A data breach can lead to significant fines, business interruption and reputational damage.
You may have already completed a data mapping exercise that analyses your data flows (during your GDPR preparation); if you haven’t, this vital process can feed into your risk management, risk assessments and business continuity plan and is highly recommended. By understanding what data, you hold, the type of data it is and under what legal justification you process it, you can better manage the risks relating to the data and the related digital tools in use.
Before any digital tool is used in your organisation, it’s vital that you assess the function and scope of the tool. Tie this assessment in with your data mapping and ensure its clear what data is ‘exposed’ to the system. Then thoroughly risk assess the tool in terms of data protection, but also consider aspects such as business continuity (what would happen to your operations if the system went down?) and PR crisis (is the system public-facing, like social media or a data feed? What would happen with the management of the system or the output in the case of a PR crisis?).
Good risk management is vital, as is adhering to all relevant legislation and regulation (such as GDPR); you can also use insurance as a tool to reduce risk. Cyber and Data Protection insurance is an emerging market and products are now available and may be suitable for your organisation. CaSE Insurance can arrange this specialist insurance; contact us to find out more.