Cyberattacks against nonprofits are on the rise. Often, nonprofits lack the time or resources to reduce the impact of these threats. Before we jump to the solution, let’s look at some of the most common attacks experienced by nonprofits in 2025:
Nonprofit Cyberattack: The ‘CEO’ Message Trap
Imagine this: Lucy, the fundraising manager at your nonprofit gets a message from the ‘CEO’ Mark that she urgently needs to update her account details. It’s right before pay day. Lucy see’s it’s from Mark, she’s in a rush, and panics about the message, thinking she won’t get paid in time. She quickly opens the link without thinking and inputs her account details. Lucy thinks nothing of it and moves on with her day. Until later she gets a call from her bank saying her account has been compromised. She is now $1000 down, not having realised that the message from Mark was a hacker.
Nonprofit Cyberattack: The 'HR’ Email
Months later, Mark, the CEO, is going through his inbox in the evening. It’s been a long day, filled with endless board meetings, and he’s trying to get his inbox down to 0. He’s already dealt with 28 emails. He opens the one from HR titled: Photos from last week's team building. Mark gets excited, finally an email with something that doesn’t evoke stress! He opens the link to the view the photos. But now his computer starts to glitch. By clicking the link from 'HR', a malware was downloaded onto his system. Mark sighs and bangs his forehead into his palms. He realises his whole nonprofit is now compromised.
These stories might sound made up, but they're adaptations of real cyberattacks we've seen. Wondering why nonprofits are targets, and how to protect yours? This article will help.
Why are Nonprofits being Targeted for Cyberattacks?
Nonprofits are easy targets because they're seen as lacking resources, budget, and security. They get targeted because they are smaller and may be easier to hack into. Here is the hard truth:
- 1 in 4 nonprofits have been hacked
- 68% have no incident response plan, and
- 60% of small organisations that experience a cyberattack go out of business within six months.
Luckily, the majority (76%) of data breaches involve human error.
You may be thinking – how is that lucky? Well, since most breaches involve human error, the solution revolves around minimising human error. With the right steps, this can be budget friendly. You can save your nonprofit from harmful cyberattacks, without reducing other essential spending.
Talk to us about this