A recent report reveals an alarming surge in cyberattacks targeting the nonprofit sector, with sophisticated email attacks increasing by 35% year-on-year. This trend, coupled with a 50% rise in phishing attempts and a 26% growth in malware incidents, underscores the urgent need for enhanced cybersecurity measures in the sector.

The root of this growing crisis lies at the intersection of economic pressures and technological sophistication. Nonprofits, already stretched thin by increasing demands for services amid funding challenges, often find themselves compelled to allocate resources to frontline services at the expense of robust cybersecurity measures. This financial tightrope walk creates a perfect storm of vulnerability, making the sector an increasingly attractive target for cybercriminals.

Adding to this complex landscape is the regulatory maze that nonprofits must navigate. From the General Data Protection Regulation (GDPR) to the EU Artificial Intelligence Act, organizations face a daunting array of compliance requirements. The challenge of adhering to these regulations while operating on constrained budgets further compounds the sector’s cybersecurity woes.

Considering the increasing cyberattacks and associated challenges outlined above, things could look particularly bleak for the nonprofit sector in 2025. However, as James Cherry, CEO at Northdoor plc explains the sector can look for practical solutions no matter their size or budget.

“This latest report confirms much of what we are seeing in the sector. Organisations are facing a number of challenges, including the increase in the number of attacks, with sophisticated email attacks being particularly challenging for nonprofits.
“With the financial and regulatory challenges exacerbating the problems things can appear daunting for the sector. The consequences of a breach and loss of data can be huge for nonprofits. Donations can dry up because of the reputational damage and the regulatory consequences mean further financial penalties.

“Therefore, nonprofits have to treat cybersecurity as a strategic priority as not doing so can impact the entire organisation. A big part of this is fully understanding the risks and allocating adequate funds to negate them.

“An easy practical solution to implement is to ensure that staff members are regularly trained so they can recognise a potentially malicious email and know how to deal with it. This means that the weakest link for many organisations is immediately strengthened ensuring that cybercriminals must find new routes to gain access to data.

“As the threat from cybercriminals increases in sophistication there also needs to be more collaboration within the sector. Sharing information about what the latest cyber threats look like with each other again negates the threat that cybercriminals carry. Education is one of the best tools nonprofits have in countering cybercrime.

“However, for many nonprofit organisations, a lack of internal expertise or resource means that ensuring that the latest threats are countered, and regulation adhered to is a real challenge. Some in the sector are turning to third-party consultancies which can provide the expertise to identify what the latest threats look like, educate staff and implement the best-fit solutions to keep cybercriminals out and data safe,” Cherry concluded.