Charity Digital – Topics – Cyber security threats to watch out for in 2026
https://charitydigital.org.uk/topics/cyber-security-threats-to-watch-out-for-in-2026-12637
Publish Date: 2026-06-22 06:52:00
Source Domain: charitydigital.org.uk
Cyber threats can affect any organisation, but they can have a disproportionate impact on charities, which provide vital services to their communities and protect large swathes of personal data. A cyber breach can cause disruption to services, data loss, financial damage, and reputational harm – all of which can be extremely challenging for a charity committed to doing good work with already limited time and budgets.
One thing the charity sector can do to prepare for and mitigate the impact of cyber threats is to learn from each other. The 2026 Cyber Breaches survey, conducted by the UK Government, showed that recent high-profile cyber attacks in the media had “moved the perception risk from cyber attacks and breaches up the agenda within organisations”. Organisations are taking cyber security more seriously, understanding the potential ramifications of cyber threats, and taking action to prevent them.
In this article, we explore a few of the cyber threats that charities need to watch out for in 2026, with lessons from those that have recently made the headlines. We’ll also share practical steps charities can take to mitigate those threats, with insight from cyber security software provider Avast.
Charities can access Avast products at a discount through Charity Digital, making it easier for non-profits of all sizes to implement robust cyber security to meet the evolving threats.
Cyber threats to watch out for in 2026
The prospect of experiencing a cyber breach as a result of a deep fake feels fantastical. But, particularly with the advent of AI, that is no longer the case.
AI is making cyber threats more convincing and more sophisticated. With generative AI tools, it is easier than ever to create a convincing logo or email that poses as a legitimate organisation to defraud people, persuading them to give away money or access to data that can then be ransomed.
With deep fakes, AI goes beyond logos and can create voices or even videos that imitate authority figures. In 2024, car manufacturer Ferrari experienced a deep fake cyber threat when an executive received a WhatsApp voice message impersonating the CEO. Fortunately, the threat was caught by the executive, who noticed “inconsistencies in tone during a follow-up call”.
What charities can do: Pause and verify. While deep fakes can be scary, they often use the same tactics as cyber threats we’re more familiar with, using urgency and authority to encourage people to act quickly, without time to think. So it’s important that, when faced with a potential deep fake, we take time to pause, think about the likelihood of the request, and verify the person we’re talking to, contacting them independently.
Phishing attacks occur when cyber criminals send out fraudulent emails encouraging people to enter sensitive information or make a payment. Like deep fakes, they appeal to someone’s sense of authority, posing as a legitimate request from an organisation or person in power, such as a manager or CEO. With AI, they are becoming more convincing and consequently harder to spot.
What charities can do: Create a cyber-aware culture. Creating a cyber-aware culture includes training employees to spot suspicious emails but it also involves building an environment where people feel safe to report phishing attacks when they occur. Not reporting them promptly can prevent organisations from responding effectively.
Charities should create a cyber response plan and share that with their teams so that everyone knows what to do should they fall victim to a phishing email. The cyber response plan should include who to report it to, what immediate steps they can take, and what software tools can help.
“Quishing” is a form of phishing that happens specifically with QR codes. QR codes, purporting to take you to a legitimate site, may take you to a fraudulent site instead once scanned. The national fraud reporting centre Action Fraud revealed that £3.5 million was lost to quishing in 2024.
The particular difficulty with quishing is that it can be hard to tell which website you’ll be taken to once the code is scanned. As Which? points out, QR codes can be used to disguise phishing links in emails. But there is always a preview before you are redirected – ensure that the website corresponds with the one you are expecting.
Quishing is particularly prevalent in public areas, such as car parks, and charities should be cognisant of this risk when using QR codes for fundraising. It might be worth sharing the risks with your supporters and fundraisers so they can spot potential quishing in the wild – signs include stickers over the top of posters or adverts, suggesting the QR code has been replaced.
What charities can do: Staying aware of the risk is essential when it comes to preventing quishing. Communicate the risks to your teams, explaining what quishing is and how to be especially careful when making payments. If unsure, go directly to the website you expect to be visiting, rather than through the QR code. For supporters, always offer them multiple ways to donate or access your content, with clear links so they know where they are going and can spot if things don’t match up.
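The preview check described above can also be automated, for example when a fundraising team audits the QR codes on its own posters. The following is an added example, not code from the original article or from Avast: it takes the text decoded from a QR code and reports whether it points at a site the charity actually uses. The host names, the function name and the sample links are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: the hosts this charity really prints in its QR codes.
EXPECTED_HOSTS = {"example-charity.org.uk", "donate.example-charity.org.uk"}


def check_qr_destination(decoded_text, expected_hosts=EXPECTED_HOSTS):
    """Return (ok, reason) for the text decoded from a QR code."""
    try:
        parts = urlsplit(decoded_text.strip())
        host = parts.hostname  # lower-cased, without userinfo or port
        port = parts.port      # raises ValueError if the port is malformed
    except ValueError:
        return False, "not a well-formed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host in link"
    if parts.username is not None or parts.password is not None:
        # "https://trusted-name@other-host/" shows the trusted name first
        return False, "userinfo before '@' hides the real host"
    if port not in (None, 443):
        return False, "unexpected port"
    host = host.rstrip(".")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised look-alike host"
    if host not in expected_hosts:
        # Exact match only: a trusted name used as a prefix does not count.
        return False, "host %s is not on the expected list" % host
    return True, "matches expected host"


# Constructed sample payloads, as they might be read from posters.
SAMPLES = [
    "https://donate.example-charity.org.uk/give?c=poster1",
    "https://donate.example-charity.org.uk@collector.example/give",
    "https://donate.example-charity.org.uk.pay-now.example/give",
    "http://donate.example-charity.org.uk/give",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_qr_destination(link)
        print("OK  " if ok else "STOP", link, "->", reason)
```

Only the first sample passes. The second and third both begin with the expected name, which is why the check compares the whole host rather than looking for the charity's name somewhere in the link.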
While cyber awareness training is essential, cyber threats can still find a way through. The best way to remain cyber secure is to invest in robust cyber security software. And it doesn’t have to be expensive.