Cyber Resilience for Charities and Non-Profits

From one non-profit to another — protection without the sales pitch. Charities hold some of the most sensitive data in the country: donor details, beneficiary records, safeguarding information. Yet most operate without any dedicated security expertise, and every pound spent on IT is a pound not spent on the cause. ICCSO is a UK community interest organisation helping charities protect the people they serve, the donors who fund them, and the trust their mission depends on.

A cyber incident doesn't just cost you data. It costs you trust.

Cyber criminals target charities precisely because they expect weak defences and valuable data. For many charities, the data at risk is uniquely sensitive — health conditions, domestic abuse support, immigration status, children's records. A breach of beneficiary data isn't just a GDPR incident; it can put vulnerable people at real risk.

And the consequences reach further than the incident itself. A publicised breach damages donor confidence at exactly the moment you need it most. Regulators expect answers: the ICO on data protection, and the Charity Commission — which now expects trustees to actively manage cyber risk as part of their duty of care, and requires serious incidents to be reported.

Increasingly, funders are asking too. Grant applications and local authority contracts now routinely include questions about data security and Cyber Essentials certification. Cyber resilience is no longer just protection — it's becoming a condition of funding.

You shouldn't have to choose between protecting your data and delivering your mission.

A community, not a vendor

ICCSO — the International Consortium for Cyber Security Operations — is a UK-registered community interest organisation. We are a consortium of experienced cyber security professionals and leaders who volunteer their expertise with one mission: making the UK more cyber resilient, starting with the organisations that need it most and can afford it least.

  • No products to sell you — we are not a managed service provider or a software vendor, so our guidance is independent
  • We understand non-profit realities — small teams, volunteers on personal devices, restricted funds, trustee governance
  • Non-profits supporting non-profits — income from our larger members helps fund free and low-cost support for the smallest charities

One programme, three levels of support

Every charity starts in a different place — from a two-person community group to a national organisation with contracts and commissioners. Our tiered programme meets you where you are.

  • Cyber Aware (build the foundations): cyber awareness webinars for charity staff and volunteers, a quarterly plain-English threat bulletin for the charity sector, practical checklists covering donor data and beneficiary records, and ICCSO Charity Member recognition
  • Cyber Secure (protect the people you serve): everything in Cyber Aware plus an annual blame-free phishing simulation for staff and volunteers, a cyber briefing for trustees and senior leadership, an incident response template pack with ICO and Charity Commission reporting steps, and guidance on securing volunteer access and personal devices
  • Cyber Resilient (lead with confidence): everything in Cyber Secure plus Cyber Essentials readiness support, an annual tabletop incident exercise for leadership, a named ICCSO advisor, and multi-site and federation rollout support

Outcomes, not paperwork

  • Assurance for your trustees — clear evidence that cyber risk is being managed, aligned with Charity Commission guidance
  • Stronger funding applications — demonstrable cyber governance and a path to Cyber Essentials strengthen grant bids and contract tenders
  • Protected donors and beneficiaries — confidence that the sensitive data at the heart of your work is handled safely
  • Staff and volunteers who are your strongest defence — trained, confident people stop attacks before they start
  • A plan for the worst day — respond in hours with a rehearsed plan, including the regulatory reporting steps
  • A community behind you — a national network of cyber professionals and fellow non-profits

Getting started is simple

  • Book a free consultation — a 30-minute conversation with an ICCSO advisor, no obligation, no sales pitch
  • Get an honest recommendation — we'll tell you where your charity stands and which programme level fits, even if our free resources are all you need
  • Join the programme — onboarding is designed for small teams and volunteers, scheduled around your capacity
  • Build resilience, year on year — regular touchpoints, refreshed training and an annual review

Frequently asked questions

Is ICCSO a company trying to sell us software or services?

No. ICCSO is a UK community interest organisation. We don't sell security products or managed services — our charity programme is independent, and income supports our non-profit mission, including support for the smallest charities.

We're a tiny charity run mostly by volunteers. Is this for us?

Absolutely — small, volunteer-led charities are exactly who we designed this for. Everything is in plain English, built for people who aren't technical, and paced around your capacity. And ICCSO non-profit membership itself is free.

We have branches or local groups across the country. Can you support all of them?

Yes. Our Cyber Resilient level includes multi-site and federation rollout support, so every branch gets consistent protection with central visibility for your leadership.

Does this help with our Charity Commission and GDPR responsibilities?

Yes. Our trustee briefings and programme materials are aligned to Charity Commission expectations on managing cyber risk and to UK GDPR good practice, and our incident templates include the regulatory reporting steps.

Will this help us win grants and contracts?

Increasingly, yes. Funders and commissioners are asking about data security in applications, and many now expect Cyber Essentials. Our programme helps you evidence good cyber governance and progress towards certification.

What does it cost?

The programme is priced for charity budgets, with different levels of support to match different needs — and our entry-level resources and ICCSO non-profit membership are free. Book a free consultation and we'll give you straightforward information with no obligation.

We think we've already had a cyber incident. Can you help?

If you're dealing with a live incident, contact Action Fraud and follow NCSC guidance immediately, and remember serious incidents may need reporting to the ICO and Charity Commission. ICCSO's programme focuses on preparation and resilience — member charities receive incident response templates and exercises so they're ready before anything happens.