skip to Main Content

Nonprofits and Cyberattacks: Key Stats That Boards Need to Know


Are you managing cyber risk for your charity or nonprofit? Do you know the true costs of a cyberattack if it happens to your organisation?

We have put together some statistics and figures about cyber risk, ransomware and attacks on nonprofits in our latest infographic.

The nonprofit and charity sector plays a critical role in providing assistance to the most vulnerable individuals in our society. Charities demonstrate tireless dedication and ingenuity in their efforts to support beneficiaries, even in the face of significant challenges.

The impact of cyberattacks on the services, funds or confidential information of charities cannot be underestimated. Such attacks have the potential to cause severe financial and reputational damage, and they may also jeopardise the well-being of the vulnerable individuals who rely on your charity or nonprofit for support.

With the increasing adoption of online services and digital fundraising by charitable organisations, the potential for cyberattacks has also increased.

Infographic on Nonprofits and Cyberattacks

Download the infographic in shareable formats, pdf, jpg and ppt here.


The Number of Ransomware Attacks Is Rising

Ransomware attacks are on the increase with huge impacts. In 2022, 24% of charities identified breaches or attacks in the previous 12 months, according to the UK Government Cyber Breaches Survey 2023.

Some of the most prominent recent attacks include:

An attack on the servers of the International Committee of the Red Cross in September 2022, which resulted in 500,000 personal data and confidential information records being compromised.

A ransomware attack on The Edinburgh Festival Fringe Society in January 2022 cost the charity £95k. Only £25k was covered by insurance so the difference had to be funded from charity reserves.

“Ransomware continues to be a successful cyberattack and although the extent of the harm is underreported by most victims, ransomware remains hugely profitable for individuals and group offenders and equally disruptive for victims.” – National Fraud Intelligence Bureau (NFIB) Action Fraud

Nonprofits Are Unprepared Against Cyberattacks

According to the UK Giving Report 2023, UK charities raised £12.7bn in funds last year. Yet they often don’t have the necessary security measures in place, making them attractive to hackers.

But research carried out by the UK Government for The Cyber Security Survey shows that 7 out of 10 charities do not have board members or trustees explicitly responsible for cybersecurity, while 84% of charities said they do not have any cybersecurity plan.

Meanwhile, according to the Cyber Threat Report for the UK Charity Sector, 64% of charities report their staff regularly use their own devices for sharing information – exposing their organisations to additional threat opportunities.

“Staying ahead of [cyber risk] really comes down to you as a board members knowing the right questions to ask.” – Brian Stafford, President and CEO, Diligent

Other Impacts on Nonprofit Operations from Cyberattacks

Cyberattacks don’t just cause financial risk to charities; there are also operational impacts and other consequences.

For example, the average length of interruption after ransomware attacks on organizations in the United Kingdom in 2021 was 21 days.

A range of cyber incidents from data breaches to takeover of websites can also plague nonprofits. Consequences are significant and costly, including:

  • Identity theft
  • Reputation harm/loss
  • Precious funds have to be used to recover data
  • Spreading of politically motivated messages or malicious information
  • Holding the organization to scrutiny because of identified vulnerabilities in its cybersecurity
  • Disruption in the ability to carry out activities
  • Exposing sensitive data on donors and stakeholders

Governance Technology Helps Nonprofit Boards Establish a Sound Cybersecurity Framework

Governance technology helps boards protect sensitive client and donor data, as well as prevent, mitigate, and respond to cybersecurity threats.

Governance technology brings in a sound cybersecurity framework that provides:

  • Controls to limit 3rd party access
  • User-based permissions to protect sensitive information
  • Robust data encryption to secure board communication
  • The tools enable new board members to get up to speed quickly on cybersecurity policies

Alongside using governance technology, nonprofit boards should:

  1. Conduct regular security audits and training on cybersecurity
  2. Follow good practice in data management
  3. Have an emergency preparedness plan
  4. Have a clear vision of who-does-what after a breach

See how BoardEffect, a Diligent Brand, can help strengthen your charity or nonprofit’s cyber resilience. Request a demo today.

Jill Holtz

Jill is a Content Strategy Manager at Diligent. Her strategy background and content expertise working across a variety of sectors, including education, non-profit and with local government partners, allows her to provide unique insights for organizations looking to achieve modern governance.

Back To Top