How to protect your foundation from cyber attacks
28 May 2026
Jim Cooke, ACF head of practice and learning, explores how strong cyber security practices can help foundations make the most of digital tools while keeping themselves and others safe.
Like most organisations, foundations increasingly use a wide range of digital tools and systems in their work. This can bring significant benefits, from streamlining administrative processes to enhancing engagement with stakeholders.
To make the most of these opportunities, however, it’s vital to understand the risks that can come with using technology – and take steps to protect your foundation’s resources, the data you hold and the people you work with.
The threat from cyber attacks
A cyber attack is an attempt to damage, disrupt or gain unauthorised access to computer systems, networks or devices. Organisations of any size or sector can be affected, including 28% of charities last year.
The impact of cyber attacks can include:
- Money or data being stolen
- Losing access to your files, online services or websites
- Devices being infected with malware
- Reputational damage.
Foundations face many of the same risks as other organisations, but there are also some specific factors that could make them vulnerable.
For example, fraudsters might attempt to redirect grant payments by impersonating charity staff or trustees to provide false bank details. And although most cyber attackers are seeking financial gain, some are ideologically motivated – foundations with missions that focus on contested issues, such as migration, could be targeted by those who are hostile to their work.
Many foundations operate with small teams, who may have limited in-house IT expertise. Faced with high demand for grant funding, they may be tempted to minimise spending on their own operating costs. However, foundations of all sizes can take proportionate and affordable steps to reduce the risk of cyber attacks and mitigate their potential impact.
Our new technology resources for ACF members include a cyber security guide tailored specifically for trusts and foundations.
It provides an overview of the key risks and regulatory requirements, and includes lots of practical resources to help you develop a cyber security plan – and, importantly, to make sure everyone in your foundation can play their part in keeping the organisation safe.
Developing a cyber security plan
Having a cyber security plan that is regularly reviewed and updated can help you identify and monitor risks, take preventative steps that reduce your vulnerability, and plan your response if you do experience an attack.
There are some simple, low-cost actions that can make a big difference, such as adding multi-factor authentication to online systems and accounts.
There are also lots of free tools available from the National Cyber Security Centre, many of which are suitable for smaller organisations and those with limited technical expertise.
Engaging staff and trustees
Effective cyber security requires everyone in the organisation to be involved.
Trustees should understand enough about cyber security to be able to fulfil their duties to keep the charity’s resources, staff and beneficiaries safe. This doesn’t mean being an IT expert – but it does mean knowing the right questions to ask, and when to seek expert help.
In foundations that employ staff, every employee will also need to take responsibility for following good practice day-to-day. For example, any individual who receives a phishing email – the most common form of cyber attack – could potentially be tricked into providing sensitive information or visiting a malicious website.
Organisational culture plays an important role here. People should feel safe to report cyber security incidents without fear of blame – for example, if they have clicked a suspicious link.
Supporting others to strengthen their cyber security
The Charity Digital Skills Report 2025 found that almost one in four small charities have poor or no cyber security protection.
As well as thinking about how to protect their own organisation, foundations might consider how they can build capacity in the sector, helping others to strengthen their cyber security.
Some approaches to this include:
- Unrestricted funding that can enable grant recipients to invest in the digital skills and infrastructure they need
- Signposting charities to relevant and reliable sources of cyber security guidance
- Funding infrastructure that can offer sector-wide support – broadening your foundation’s impact beyond the organisations you fund directly.
Get started, or take your next steps
For ACF members, our new guide to cyber security (member login required) is designed to help:
- Smaller foundations, those with limited in-house IT expertise, or those considering cyber security for the first time
- Foundations that have already taken some action on cyber security but want to consider what else they might do to strengthen their practice.
It’s part of a collection of technology resources for foundations that also include:
We’ve also got several events coming up on technology and data. These offer great opportunities to learn from experts and explore practical questions with your foundation peers:
These events are open to all UK foundations and grant-making charities, with discounted prices for ACF members.
If you work for a UK trust, foundation or other grant-making charity that hasn’t yet joined ACF, find out more about membership.