Looking Ahead: 3 Cybersecurity Risks That Could Impact Your Nonprofit Clients in 2024

A recent 2023 cybersecurity report revealed that most nonprofit organizations have experienced a significant increase in cyberattacks over the past 12 months. However, despite the risks, many continue to serve their communities without the safety net of cyber insurance – citing a lack of resources and board support.

According to the report, 59% of large nonprofits believe their cybersecurity practices to be severely underfunded, while 65% consider cybersecurity initiatives to be inadequately managed. Okta, a leading independent identity partner for nonprofit organizations, stated that cyberattacks have become a major challenge for most nonprofits this year, with “bad actors looking to take advantage of vulnerable people, putting the organizations and the lives of those they support at even greater risk.”

With 2024 fast approaching, it is critical for your nonprofit clients to understand the risks that cybercriminals pose and be proactive in mitigating threats as the online security landscape becomes increasingly hazardous.

Here are the top three cybersecurity risks that experts believe the nonprofit sector will face in the new year:

Cybersecurity Risk #1: Social engineering and phishing
Hackers continue to use social engineering and phishing techniques to impersonate individuals and entities to manipulate people into divulging sensitive information – giving hackers access to operating systems, bank accounts, donor information, etc.

What makes nonprofits so vulnerable? Nonprofit organizations are typically thought of as trusting and less suspicious of people – especially individuals who claim to represent a charitable cause or organization.

Cybersecurity Risk #2: Physical in-house security risks
Approximately 85% of all nonprofits have no paid staff and rely entirely on volunteers. However, the use of volunteers can put an organization at risk for a cyberattack — especially when doing work that involves administrative tasks. Organizations need to be aware of in-house physical security risks such as shared passwords, sticking notes with passwords on a computer monitor or workstation, an unlocked computer, or a rogue volunteer or employee who has access to the organization’s private information.

What makes nonprofits so vulnerable? Hackers know that organizations frequently utilize volunteers to help with administrative tasks such as data entry, social media marketing, bookkeeping and even managing donor contributions. They also know that many organizations are understaffed and may not have the resources to properly train unpaid staff to safeguard the organization’s private information.

Cybersecurity Risk #3: Third-party data breaches
According to the 2023 Nonprofit Tech for Good Report, 27% of the nonprofits surveyed have fallen victim to cyberattacks involving third-party data breaches. A third-party data breach is when hackers target a vendor, supplier, contractor or other organization that has access to sensitive data and use it to steal or compromise the nonprofit’s database and/or operating systems.

What makes nonprofits so vulnerable? Hackers know that most nonprofit organizations routinely use third parties to procure and maintain a database of confidential donor information and therefore, consider organizations easy targets for malware attacks and breaches.

While knowing the risks, far too many nonprofits continue to operate with inadequate cybersecurity controls. This problem is predicted to become even more prevalent as new organizations adopt technologies to help them efficiently serve their communities. “[The] increased use of technology also brings increased cyber risks. Nonprofits that are less technologically savvy will need to understand how to safely use these systems to protect their data and ensure privacy.” Source: Risk & Insurance.

As for premiums, it is believed that as loss prevention efforts improve, the cyber insurance market may begin to show some signs of rate stabilization. In the meantime, some indicators suggest that the cyber insurance market will remain challenging as insurers look for ways to recoup high claim costs by increasing rates, reducing coverage limits and imposing stricter terms and conditions. Right now, it’s simply too early to predict what the market will reveal. In the meantime, it’s important to work with your nonprofit clients to help them find the cybersecurity insurance coverage that best fits their needs and budget.   

About Charity First

The incredible services that nonprofits provide come with unique and complex risks that are part of their everyday work in serving the elderly, children, and other vulnerable populations. This is why Charity First is committed to providing our retail partners across the country with best-in-class underwriting, consistent and responsive service, and risk management services that include comprehensive cybersecurity coverage that can be customized to meet the individual needs of their nonprofit clients.

To learn more about our cyber coverage or other products, please call 800-352-2761 or email marketing@charityfirst.com.