Charity Cybersecurity Essentials
Cyber Essentials readiness, GDPR for donors, and grant evidence pack — built for UK charities. 30-day free trial.
🛡️ CYBER ESSENTIALS 2026 UPDATE — EFFECTIVE 28 APRIL 2026
The Cyber Essentials scheme is updated from 28 April 2026 with stricter criteria: mandatory multi-factor authentication (MFA) for all cloud services and admin accounts, tighter password policies, expanded scope for home workers and BYOD devices, and new vulnerability management timelines. All UK government suppliers must meet the updated standard. This product is aligned with the CE 2026 requirements.
🏛️ UK CHARITIES: 3RD MOST ATTACKED SECTOR — DONORS EXPECT DATA SECURITY
NCSC 2025: UK charities are the third most targeted sector for cyber attacks. Charity Commission reporting of serious incidents includes cyber breaches. Gift Aid data, donor PII, vulnerable beneficiary data, and payment card information — all high-value targets. Donor trust is fragile: one breach makes national news. Most charities of any size have no formal cybersecurity programme.
Charity Cybersecurity Essentials — Protect Donor Trust and Beneficiary Data
Built specifically for charities and not-for-profits. Covers the unique cybersecurity challenges of the voluntary sector: limited IT resource, volunteer data handling, fundraising platform security, Charity Commission reporting obligations, and the heightened reputational sensitivity of any data breach.
- Charity-Specific Risk Assessment: Donor data, beneficiary data, Gift Aid records, financial data — risk assessment tailored to charity operations
- Cyber Essentials Preparation: Many funders now require Cyber Essentials — preparation checklist for charity environments
- Volunteer Data Handling: DBS data, volunteer PII, reference information — secure handling procedures for non-permanent staff
- Fundraising Platform Security: JustGiving, GoFundMe, Donorfy, Salesforce NPSP — platform security configuration review
- Charity Commission Reporting: When a cyber incident qualifies as a serious incident for Commission reporting — and how to report correctly
- Gift Aid Data Protection: HMRC Gift Aid data is personal data requiring specific security controls — compliance guidance
- Donor Communication: What to tell donors in the event of a breach — managing trust and reputation during a crisis
- NCSC Small Charity Guide Alignment: Controls mapped to the NCSC's specific guidance for charities — the recognised framework
💷 THE MATHS
£49/month. Cyber attack on a charity: loss of donor trust, Charity Commission investigation, ICO enforcement. Average charity cyber breach cost: £8,170 (Cyber Security Breaches Survey 2025). Many funders now require documented cybersecurity. One prevented breach protects more than finances — it protects beneficiaries.
📅 How this subscription works — month-1 to month-12
- Day 1 onboarding: instant portal access, automated onboarding checklist and baseline assessment intake — getting started guide delivered automatically.
- First week setup: integrations wired, first report generated, MLRO / DPO / IT lead invited to the portal.
- Ongoing monthly delivery: updated compliance report, new-regulation tracker delta, audit-trail snapshot, continuous regulatory updates aligned to your sector.
- Cancellation: cancel any time from the portal — no contract lock-in; 30-day data export window after cancellation.
⚠️ Legal disclaimer (COMPLIANCE): This product is provided for information and compliance documentation only; it is not regulatory advice. Read the full disclaimer below or in our Terms of Service before purchase.
Cyber Essentials 2026 Coverage (Charity Sector)
Charities are CE-certification eligible and often need it for funder due diligence. The pack covers the five controls at charity scale:
- Firewalls — Charity-scale network boundary configuration template (small office + remote staff perimeter)
- Secure configuration — Hardening checklist sized for charity IT (cloud-first + small device fleet); CIS-benchmark baseline mapping
- User access control + MFA mandate — MFA enforcement on Office 365/Google Workspace and admin accounts (CE 2026 mandate 28 April 2026); RBAC for trustees, staff, volunteers; least-privilege for finance system access
- Malware protection — Endpoint protection / antivirus coverage for staff and volunteer devices; EDR considerations for grant-funded device fleets
- Security update management — Patch management cadence for charity IT; vulnerability management for legacy donor management systems
£29.00/mo
MONTHLY SUBSCRIPTION · No VAT (not registered)
Get this in Charity Tech Protection Suite
Save £48/mo (41%) vs standalone →
Trust & Delivery
ICO registered ZC112810
UK Information Commissioner's Office data controller registration.
Companies House 16419201
SummitBridge Horizon Ltd — registered 30 April 2025, London.
14-day satisfaction guarantee
See refund policy for full terms.
Sample materials available
Compare with the market
5 direct and adjacent competitors tracked.
| Vendor | Their price | Threat | vs SBH | Their advantages | Our advantages |
|---|---|---|---|---|---|
| CyberSmart GB | £499+ /yr | HIGH | similar | UK-native · IASME partner | — |
| IT Governance UK GB | £800+ per assessment | MEDIUM | pricier | — | — |
| IASME Consortium GB | £320–£600 per assessment | MEDIUM | cheaper | Official certifier | — |
| Secureframe US | $9,000+ /yr | LOW | pricier | — | — |
| Vanta US | $7,500+ /yr | LOW | pricier | Brand | — |
Compliance Snapshot
Regulatory posture for this product — for procurement and security teams.
Conformity scaffold in place — formal record not yet published