Cyber-attacks don’t just target for-profit organisations. Importantly, cybersecurity breaches are as painful and inconvenient to charitable and not-for-profit organisations as they are to any other type of organisation. When a cybersecurity breach exposes confidential data such as customer personal details, sponsors and donors data and funding details, there will be significant consequences whether the victim is a large profit-making business or a small charity. I want to correct the misconception that charities and not-for-profits don’t need robust cybersecurity.
A breach involving customers, clients or partners’ data is significant for several reasons. First, both profit making and not-for-profit organisations, share this under strict conditions of confidentiality and privacy. Whether deliberate or a genuine mistake, a hack that exposes this data is a breach of these conditions. Secondly, a data breach which exposes sensitive data means that anyone affected needs to undertake some actions to mitigate the effect of the breach. For example, employees, donors or partner companies may need to cancel and replace personal identity documents associated with the breach This is a great inconvenience and a lot of work for everyone involved from the people applying for new IDs and system credentials to the agencies which provide these services.
Not-for-profits, like commercial organisations also process and store sensitive data. Not-for-Profits need to secure and protect all data from donor details to client information as effectively as any other organisation with sensitive information. Not-for-profits are vulnerable to cyber-attacks for the same reasons as corporate entities, and there are recent examples of data breaches successfully targeting Australian not-for-profits. The damage and loss from these attacks are rarely minor, let alone the reputational damage of the organisation. Not-for-profits rated reputation as the second highest motivation for forming relationships between corporations and not-for-profits, according to a 2007 report cited by the Australian government’s department of Social Services .
So for not-for-profits, a cyber breach could mean loss of customers, loss of funding, a host of other unwanted and inconveniences on the organisation. Even if there are no such losses, any significant data breach will require the organisation to take action and give all their stakeholders the confidence that the situation is being handled properly.
Consequently, the demand for cyber security investment in people, processes and technology for not-for-profits is as important as it is for other for-profit organisations. Naturally this investment will not be cheap for any organisation. The interesting part is that currently cybersecurity is undergoing a lot of growth and innovation. Given that innovation has often come from unexpected places and born from a direct need to address specific problems, there’s an opportunity for not-for-profits to innovate effective security approaches for organisational systems and efficient protection of customer data.
Dr Omaru Maruatona will share his insights into developing cyber security strategies for funders and not-for-profits at Philanthropy Australia’s Cyber Security and Philanthropy webinar on Thursday, 9 November 2023. Register here.