Blackbaud, a social business cloud services provider, was hit by a ransomware attack in February 2020. As a result, sensitive personal information, including financial information, was made public. Not only did the company fail to discover the attack until May, but it also didn’t publicly report it until July, leaving nonprofits wondering how safe their data is.

Nonprofit Cybersecurity: How to Keep Donor Data Safe

According to a Community IT study:

  • Nonprofits aren’t paying attention to cyber-threats: 70% of NGOs have not conducted a vulnerability assessment to identify their cybersecurity threats.
  • Nonprofits appear unconcerned about cyberattacks: 80% of NGOs do not have a cybersecurity policy in place.
  • The danger is real: On average, hackers strike around 2,000 times every day.

Despite these figures, you may still be asking why nonprofits should be concerned about cybersecurity. After all, most organizations aren’t exactly sitting on a large sum of money, are they? Let’s have a look at it together.

Why Should Nonprofits Care?

Nonprofits aren’t known for keeping a lot of cash on hand, so the danger of theft, especially online, may appear to be minimal. However, keep in mind that most hackers aren’t after your cash, at least not directly.


“The world’s most precious resource is no longer oil, but data,” according to the Economist in 2017. In both legitimate and criminal markets, payment information, phone numbers, email addresses, passwords, social security numbers, and other personal information have value. Once acquired, they may be sold to whoever wants them, from honest firms trying to expand their sales contact lists to unscrupulous groups looking to use the data to commit more crimes.

Nonprofits keep a lot of donor data, making them a tempting target for cybercriminals. It’s time to assess your cybersecurity if your organization does any of the following:

  • Conducts e-commerce activity, such as donation processing and event tickets.
  • Stores and exchanges personally identifiable information, such as medical records, employee files, driver’s licenses, addresses, social security numbers, and credit card numbers, particularly when combined with contact information such as phone numbers and email addresses.
  • Collects and preserves personal preference data, such as contribution patterns, areas of interest, and newsletter subscriptions, among other things.

Your organization is likely to do more than one of the things on this list, making you a target. So, let’s take a deeper look at the risks that might affect your systems.

What are Cyber Threats?

A data breach occurs when someone gains unauthorized access to your systems and takes data that may be sold. Employee error, malicious intent on the part of an employee, or guessed or inferred login credentials can all lead to that access.

Hackers who disagree with an organization’s mission may infiltrate its network and install malware that prevents it from operating. A propaganda-based group, for example, may hack a human rights nonprofit organization before an election to prevent it from endorsing pro-truth politicians.

Ransomware is a term for any software, virus, or malware that encrypts your computer and data and holds them hostage. These programs infect your computer and display messages demanding that you take dubious actions in order to regain control of your system or retrieve your data.

Most organizations don’t have the kind of cash resources that thieves would find worthwhile, so security isn’t high on the priority list. But now that we’ve established that data is the main objective, and that organizations have a lot of personal information on hand, it should be clear why security is so important.