Sensitive beneficiary data held in ageing systems. Trustees who lack the confidence to challenge cyber risk. GDPR obligations that nobody owns. Lean IT teams stretched thin with no strategic leadership above them. These are not just IT problems. They are governance and trust problems. Starkhorn solves them through fractional and interim CIO and CISO leadership, embedded in your organisation, reporting in plain English your board can actually act on. Your mission deserves the same quality of technology leadership as any commercial organisation, protecting your beneficiaries, your data and your trustees, without the cost of a full-time hire.
In most charities, technology sits outside the boardroom conversation entirely. Privacy notices and consent records drift out of date. Cyber risk goes unchallenged because nobody on the board has the technical confidence to ask the right questions.
Trustees get vague answers on cyber posture, or no answers at all. And every year, the gap between what technology could do for your mission and what it actually costs widens. We bring senior technology leadership built specifically for charities and not-for-profits.
Every assessment, every recommendation, and every board report is framed in beneficiary protection, GDPR compliance, and trustee assurance, not infrastructure jargon.
Providing senior IT leadership on a fractional basis to one of the UK’s best-known health charities, started May 2026 and ongoing.
Beneficiary data sensitivity is central to every technology decision in this environment.
This is sector experience in practice, right now, not sector experience in theory.
Served as Non-Executive Director for Digital and Technology from 2019 to the present.
Bringing independent technology governance and challenge to the board of the UK’s largest older people’s charity, with first-hand insight into how trustees work and what they need to discharge their responsibilities.
Served as interim CIO and CISO at VetPartners, a GBP 1.2bn turnover business with 14,000 staff, backed by BC Partners.
Evidence that the same senior leadership scales from a multinational down to a lean charity team, with the judgement to match the recommendation to your budget and capacity.
The first step in every engagement.
Within the opening weeks, we map your technology estate, assess your cyber security posture, review how you hold and protect beneficiary and donor data, evaluate your IT capability, and deliver a board-ready report with a prioritised roadmap, all framed in beneficiary protection and trustee assurance.
This assessment becomes the foundation for everything that follows: GDPR remediation, cyber hardening, supplier oversight, and long-term technology strategy.
Not a technical audit.
A practical assessment that identifies where your data is exposed, where your cyber gaps sit, and where constrained budget is being spent without return, all presented in plain English your board can act on.
Most charities are spending on technology that does not serve their mission. We find it, quantify it, and show you how to redirect it.
Every engagement begins with a thorough mapping of the data you hold.
What you hold. Where it lives. Who has access. What your obligations are under GDPR.
From there we build a practical remediation plan around your capacity and budget, not an ideal-world standard your team cannot realistically achieve, covering privacy notices, consent records, DPIAs and ICO readiness.
A growing number of funders, commissioners and government contracts now require Cyber Essentials as a baseline condition, and the higher-assurance Cyber Essentials Plus is increasingly expected too.
We carry out a readiness assessment, identify the gaps, support remediation, and prepare your organisation for certification before the deadline arrives. The goal: certification that demonstrates to donors, beneficiaries and the Charity Commission that you take data and cyber security seriously.
Every finding framed in beneficiary protection, GDPR compliance, cyber resilience, and trustee assurance. RAG-scored across key domains with a prioritised roadmap at 30 days, 90 days, and 12 months.
Presented to your board in person, not emailed as a PDF. No technical jargon. No infrastructure complexity. Just clarity your trustees can use to discharge their governance duties.
A single data breach or compliance failure does not just carry a regulatory penalty. For a charity it can destroy public trust and threaten the organisation’s ability to serve its mission, a cost no annual budget can absorb.
The charities that protect their mission are the ones that bring senior technology leadership in before something goes wrong, not after.
Every year without independent technology oversight is a year where data exposure grows, cyber gaps widen, and your trustees carry risk they cannot see.
Sensitive data held in ageing or poorly secured systems is where charities are most exposed. We map what you hold, identify where it is at risk, build the remediation roadmap, and review the suppliers you rely on, so beneficiary and donor data is protected from day one, not after a breach.
RAG-scored reporting across key domains with a prioritised roadmap at 30, 90, and 365 days. Presented to your board in person, in the language trustees use: beneficiary protection, GDPR compliance, cyber resilience, and governance assurance. Not emailed as a PDF. Not written in jargon.
Cyber posture evidenced. Data mapped and protected. GDPR obligations met. Cyber Essentials readiness demonstrated. Everything a regulator, funder or commissioner will want to see, assessed, addressed, and documented before they ask. Technology becomes proof of good stewardship, not a governance risk.
The Non-Profit Diagnostic Toolkit
Use Starkhorn’s free diagnostic tools across your organisation. Your leadership team self-assesses in under 5 minutes. Results give you an honest view of where your technology and cyber security stand, with no cost and no obligation, before you commit to anything.
Share the diagnostic links with your leadership team
Each assessment completes in 3 to 5 minutes
Review your technology and cyber maturity scores
Where the results point to a gap, we offer a scoping call. No cost to your organisation. No obligation. Starkhorn only engages where we can genuinely move the needle for your mission.
“The assessment takes 3 minutes. The conversation takes 20. Across 20+ years in technology and security, 15+ of them in leadership roles, we have consistently given boards clarity they did not have before.” Daniel Jacobs, Founder, Starkhorn
The Technology Health Check is a free diagnostic designed for charities and not-for-profits. It gives you a structured view of where your technology is helping or hindering your mission, scored across eight dimensions, with a one-line recommendation for each. It tells you where the gaps and risks sit before you commit to anything.
8 dimensions. Immediate results. No cost. No obligation.
We will review your organisation’s publicly visible technology and cyber indicators (website infrastructure, software footprint, security posture signals) and give you a 15-minute briefing on what we see. No preparation needed from you. No obligation.
Free for trustees and leaders of charities and not-for-profits.
Whether you need a fractional CIO for strategic leadership, a CISO to address cyber and data protection risk, or simply a senior independent voice to support your trustees: start with a conversation.
Common questions
Can a fractional CIO or CISO really work for a charity our size?
Yes. The fractional model suits organisations that need senior expertise but cannot justify, or fund, a full-time hire. Starkhorn works with charities and not-for-profits from 100 to 5,000 employees. The engagement scales to your needs, whether that is one or two days a week, a defined project, or cover during a transition, at a fraction of the cost and with none of the employment overhead.
We hold sensitive beneficiary data. How does Starkhorn approach data protection?
It is treated with the seriousness it deserves. Starkhorn brings direct experience from live engagements in the sector, including work at Alzheimer's Society where beneficiary data sensitivity is central to every decision. Every engagement begins by mapping what data you hold, where it lives, who has access, and your obligations under GDPR, then builds a practical plan around your capacity and budget.
Our trustees are not technology specialists. How do you work with boards?
Most charity trustees are not technology specialists, and they should not need to be. Starkhorn translates complex technology and cyber risk into plain English, so trustees can fulfil their governance obligations with confidence. Daniel's experience as a Non-Executive Director at Age UK means he understands how boards work and what they need to discharge their responsibilities properly.
Do we need to achieve Cyber Essentials certification?
Many funders, commissioners and government contracts now require Cyber Essentials as a baseline condition. Even where it is not mandated, certification shows donors, beneficiaries and the Charity Commission that you take data and cyber security seriously. Starkhorn can run a readiness assessment, identify gaps, support remediation and prepare you for certification. The free Cyber Essentials Readiness tool on this site is a good starting point.
What does an engagement cost, and is there a minimum commitment?
Engagements are structured around your needs and budget, so there is no single fixed price. Starkhorn is transparent about cost from the first conversation. There is no obligation from an initial discussion, and the free assessment tools on this site are genuinely free, with no sales follow-up unless you choose to make contact.
The Technology Health Check shows where your technology and cyber leadership has gaps, scored across eight dimensions with a one-line recommendation for each.
Charity CIO usually means Charitable Incorporated Organisation, a legal structure registered with the Charity Commission. This page is about the other meaning: the Chief Information Officer, the senior technology and cyber security leadership role. Starkhorn provides that leadership for charities and non profits on a fractional or interim basis.
A fractional CIO for charities is a senior technology and cyber leader who works a few days each month, sized to lean and restricted budgets. The role sets technology strategy, protects donor and beneficiary data, controls supplier costs, and reports technology and cyber risk to trustees in plain language, all under one accountable leader.
Starkhorn is led by Daniel Jacobs, whose sector experience includes work with Alzheimer's Society and a Non Executive Director role at Age UK. That background covers the realities non profits face: restricted funding, lean technology teams, regulator and donor data sensitivity, and the need to report technology and cyber risk clearly to trustees and the board.
| Option | Best for a charity when | Time commitment | Typical use |
|---|---|---|---|
| Fractional CIO and CISO | You need ongoing senior leadership but cannot justify a full time salary | A few days each month, continuing | Strategy, cyber security and supplier control on a lean budget |
| Interim CIO and CISO | You face a gap, transformation or crisis needing full focus | Full time for a defined period | Cover a vacancy, lead a change programme, stabilise after an incident |
| Permanent CIO and CISO | The role is large and continuous enough for a dedicated hire | Full time, ongoing employment | A standalone in house executive once scale justifies it |
A fractional CIO gives a charity senior technology leadership for a few days each month, instead of a full time hire. The role sets technology strategy, strengthens cyber security, controls supplier and licensing costs, reports technology and cyber risk to trustees in plain language, and builds the internal capability to run things without ongoing dependence.
Choose fractional when the charity needs ongoing senior technology leadership but cannot justify a full time salary against restricted funding. Choose interim to cover a gap, a transformation, or a crisis with full time focus for a defined period. Choose permanent once the role is large and continuous enough to warrant a dedicated hire.
Yes. For most charities and non profits, one experienced leader can hold both the CIO and CISO remit, setting technology strategy and owning cyber security together. This is efficient for lean budgets and avoids two separate hires. Daniel Jacobs covers both roles, drawing on 20+ years in technology and security, 15+ of them in leadership roles.
Starkhorn provides fractional and interim CIO and CISO leadership for charities and non profits, led by Daniel Jacobs. Sector experience includes work with Alzheimer's Society and a Non Executive Director role at Age UK. The focus is technology strategy, cyber security, donor and beneficiary data protection, and clear reporting to trustees and the board.
Cost depends on the days needed each month and the scope of the technology and cyber remit. Fractional leadership is structured to fit lean and restricted budgets, costing far less than a full time executive salary. See the pricing page for how engagements are scoped, then book a conversation for a figure matched to your charity.