How To Use Governance Technology to Protect Not-for-Profit Board Members Against Cyberattacks

Cyberattacks are here to stay, and ransomware demands to organisations are unfortunately skyrocketing. Not-for-profit and charity boards need to know the essentials of how to protect data and their board members against cyberattacks.

Not-for-profits rely heavily on mobile and digital technologies to manage and fulfil their missions. Collecting and managing data has always been an essential part of delivering nonprofit services and activities, but the last decade has seen an increased reliance on technology to facilitate this. The downside of that reliance is a new vulnerability: the risk of cyberattacks.

Here’s how governance technology can help tackle this key risk area for your organisation.

Cyberattacks are on the Rise

Cybersecurity incidents have risen dramatically over the last few years. Sadly, not-for-profit organisations are among the groups targeted for cyberattacks, because their defences can be easily breached, allowing access to sensitive data.

NGOs, charities and not-for-profits raise over €25 billion each year, receiving funds from around the world, but they often don’t have the necessary security measures in place, making them attractive to hackers. According to the National Cyber Security Centre, only 27% of UK charities have used security monitoring tools, 14% have undertaken any type of cyber vulnerability audit and only 10% use threat intelligence. If your not-for-profit collects and stores personal information about individuals who are vulnerable or at risk, that data is also attractive to cybercriminals. They are interested in using identity information for fraud, so any stored personal information that can be accessed is vulnerable.

Hackers also make a lot of money from ransoms paid after data breaches. In addition to the cost of paying ransoms, the huge amount of time spent dealing with the breach and its aftermath can have a heavy impact on the board and nonprofit management. All that time has a cost, and it also takes away from the day-to-day business of running the charity, as well as from progressing other much-needed projects.

The Facts are Stark

In 2022, three in ten charities (30%) reported having had any kind of cyber security breach or attack in the last 12 months, according to the Cyber Security Breaches Survey: 2022. 87% of these charities reported phishing attempts, while 23% identified a more sophisticated attack type such as a denial of service, malware or ransomware attack.

Recent prominent incidents include an attack on the servers of the International Committee of the Red Cross, which took place in September 2022. It compromised personal data and confidential information of over 500,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster as well as missing persons and their families, and people in detention.

The costs of the attacks don’t just include the ransom itself; there are also data recovery costs, the cost of downtime, increased insurance costs, and even fines from regulatory bodies following data protection breaches.

“Cybersecurity and data protection is one of the most pressing issues not just for the CIO, but for executive teams and organisations’ boards. The problem is many have not realised that yet. We welcome any and all input in this space.” – Feedback to Microsoft survey

Other Issues from Cyber Incidents Affecting Not-for-Profits

Ransomware isn’t the only issue. A range of cyber incidents, from data breaches to website takeovers, can plague nonprofits. The consequences are significant and costly, including:

  • Disruption in ability to carry out activities
  • Access to data held on donors and clients
  • Identity theft
  • Reputation harm/loss
  • Precious funds have to be used to recover data
  • Spreading of politically motivated messages or malicious information
  • Holding the organisation to scrutiny because of identified vulnerabilities in its cybersecurity

Why Not-for-Profit Boards are Vulnerable

If not-for-profits’ attractiveness to cybercriminals weren’t enough, not-for-profit boards are also among the least prepared groups when it comes to cybersecurity. Charities are less likely than businesses to employ technical cyber security controls, while 64% of charities report their staff regularly using their own devices, vs 45% of businesses.

The 2022 Ponemon Institute Report “The State of Cybersecurity and Third-Party Remote Access Risk” found that many cyberattacks occur due to unchecked third-party access. In addition, charity boards often don’t have appropriate security resources, practices, or knowledge to ward off cyberattacks.

This highlights a large gap in the infrastructure and operation of not-for-profit boards. Charities and not-for-profits that don’t prepare for and mitigate against cyberattacks risk not only the loss of sensitive client and donor data but also possible legal action against the organisation.

Using Governance Technology Helps Not-for-Profit Boards Establish a Sound Cybersecurity Framework

Using governance technology helps boards protect sensitive client and donor data, as well as prevent, mitigate, and respond to cybersecurity threats.

Governance technology brings in a sound cybersecurity framework that provides:

  • Controls to limit third-party access
  • User-based permissions to protect sensitive information
  • Robust data encryption to secure board communication
  • A way for new board members to get up to speed quickly on cybersecurity policies

Community members look to nonprofit boards for leadership in the event of a cyber emergency. The board needs to have a clear vision of who does what after a breach.

Microsoft’s Nonprofit Guidelines for Cybersecurity and Privacy identifies key cybersecurity and data protection challenges for charities and not-for-profits, and outlines possible first steps they can take to bolster cybersecurity and protect data.

Operating robust cybersecurity and cybersafety practices will allow not-for-profits to protect their board and their community members, and to keep their clients safe as they support them.

The BoardEffect board management system is an all-in-one platform that contains all the tools your nonprofit board needs to conduct board meetings and share sensitive files and messages at any time. The BoardEffect portal offers built-in state-of-the-art security so there’s no concern over cybercriminals hacking into your board business. It’s a highly effective tool for managing all your board activities and processes, and it’s an easy thing to take off your plate so you can focus on the overall security of your organisation.


Jill Holtz

Jill is a Content Strategy Manager at Diligent. Her strategy background and content expertise working across a variety of sectors, including education, non-profit and with local government partners, allows her to provide unique insights for organizations looking to achieve modern governance.