Cyber resilience for social enterprises

Posted: 14 June 2021, in News

Without doubt, the last year or so has been a massive challenge to the third sector, with many organisations adopting digital tools to enable them to continue servicing the needs of their stakeholders.

Our 6,000+ social enterprises in Scotland have faced this challenge too and, with 62% of social enterprises generating at least half their income from trading, it has never been more important to ensure that any technology used to run your organisation is deployed in a safe and secure manner.

Cyber resilience is often not foremost in the minds of people running charities, voluntary organisations and social enterprises – life is busy and many competing priorities means that things can be put on the back burner. Often, cyber security is perceived as something “too technical” and the daunting use of jargon can be very off putting – this alone can create a barrier to starting a conversation about actions you should be taking.

Sadly, cyber criminals view ALL organisations as potential sources of revenue for them. There is a saying in the cyber world that “data is the new oil”, which is a rather fancy way of saying that, to a hacker, the information you keep on your systems could be a route to riches and their attempts to get hold of this may pay dividends for them.

That said, there are several easy first steps you can take to start your journey to becoming more cyber resilient. The role that I fulfil as cyber co-ordinator for the third sector means that one of my tasks is providing cyber education to the staff and volunteers of charities and social enterprises. This is provided free of charge and can be delivered for your organisation directly or via a specially hosted event, such as the one hosted by Social Enterprise Scotland this week (you can book a free place to join).

Should you want to know more about the technical steps you can do to improve the resilience of your organisation, a brilliant tool available is the Cyber Health Check, which is hosted on the SCVO website. This is designed to be an entry level instrument with some multiple choice questions which generates a report highlighting the areas in which your organisation is vulnerable.

After the report there is some useful signposting to further resources – the content for the third sector on the National Cyber Security Centre (NCSC) website is always a good place to start, and, probably the most helpful element, the opportunity to have a one to one call with someone who can review the output of the tool and help you and your organisation start on a journey to improved cyber resilience.

So, despite the gloomy introduction, cyber security need not be a daunting thing. Like any topic that feels a bit huge and overwhelming, it’s best to start one piece at a time. The suggestions above are a great way to put your toe in the water. I look forward to hearing from you soon.

Alison Stone, Third Sector Cyber Resilience Co-ordinator at the Scottish Business Resilience Centre
(You can contact Alison directly by email at