Closing the Digital Divide – AI and cyber resilience in practice

CSG and CFG – AI and the Digital Divide

In October, the Civil Society Group (CSG) published its Autumn Budget submission and a high-profile call for action on the charity digital divide. For the first time, CSG and the Charity Finance Group (CFG) asked government to support safe, proportionate AI adoption across the sector, including engagement with the Charity AI Task Force. Furthermore, they asked for the creation of a new fund to tackle the digital divide amount smaller charities, focused on infrastructure and skills.

The submission reflects that, whilst AI uptake has been high, many charities lack the resources and governance to use it responsibly. CSG argues that, without targeted support, smaller organisations risk being left behind just as digital engagement becomes the norm for donors, volunteers, and beneficiaries.

Although the Budget did not announce a dedicated AI/digital fund, these asks are now firmly on the policy agenda and likely to re-surface in future fiscal events and funding schemes.

Cyber Resilient Scotland

In early November, the Scottish Government launched the Strategic Framework for a Cyber Resilient Scotland 2025-2030, a refresh of its 2021 strategy. The framework’s vision is that “Scotland thrives by being a digitally secure and resilient nation”, and it explicitly covers public, private and third sector organisations.

The press material underlines why this matters: the UK Cyber Breaches Survey 2025 found around 86% of charities had staff encounter phishing emails or fraudulent websites in 2024 and recorded cyber crimes in Scotland have almost doubled since 2019-2020.

Shortly after its launch, OSCR issued a news piece calling the framework a “strategic call to action” for Scotland’s charity sector. It stresses that trustees have a duty to treat cyber security as a ‘key part of their work, not an optional extra’, and signposts free support from SCVO’s cyber-resilience programme.

Trustees’ Week 2025 – AI in the boardroom

AI also featured prominently in this year’s Trustees’ Week. On 6 November, NCVO ran a free online session, “AI Essentials”, in partnership with the Media Trust aimed squarely at trustees and senior leaders.

The webinar provided: a practical overview of AI tools trustees might encounter, discussion of risks and ethical issues, real-world case studies from charities already experimenting with AI, and a focus on how boards can kickstart their AI journeys.

The event signals an overall shift from AI being seen as an operational or IT issue to something trustees are expected to understand and question – particularly where AI is used in fundraising, service delivery and HR.

That message was reinforced later in the month at NPC Ignites 2025 where Tom Ilube, chair of The King’s Trust, warned that charities which avoid engaging with AI now could face ‘real trouble’ within two or three years. He described AI as a ‘wake-up call’ arguing that organisations must approach AI in a manageable but deliberate way. He further suggested that boards should bring AI expertise into the room, recommending that charities consider having someone with deep AI knowledge at the table, whether as a trustee or an advisor, to help navigate strategic choices. His broader point was that charities cannot afford to let big tech dictate how AI is used in social and community contexts. As charities understand their beneficiaries, they are best-suited to influence how AI is shaped.
 

Steps Forward

In light of the CSG and CFG’s Budget asks, Cyber Resilient Scotland, and the talks at Trustees’ Week and NPC Ignites, there are some clear practical steps charities can make:

1. Treat non-engagement as a risk in itself: Tom Ilube’s warning is that simply opting out of AI is no longer a neutral position, it risks leaving organisations behind operationally and strategically.
2. Bring AI expertise into governance structures: charities should consider whether they should bring in an AI-literate trustee or adviser to help guide them across the digital divide. Further, trustee learning opportunities, similar to the ‘AI Essentials’ programme, could help bring the board’s baseline understanding of AI to a stronger level.
3. Integrate AI with cyber-resilience: using Scotland’s Cyber Resilient framework and OSCR’s recent call to action as a template, charities should make cyber security and digital resilience part of core risk management. They should map where AI tools intersect with their most sensitive data and critical systems, ensuring controls are proportionate to those risks.
4. Collaborate and share knowledge with peers: the best approach is collective action with charities sharing resources and strategies so that those further ahead can help those just starting out. Finance teams can tap into free or low-cost support such as Charity Excellence’s newly launched AI Online Learning Programme which aims to build safe, practical AI skills across the sector.