Cybersecurity Threats Putting NFPs at Risk


Infoxchange has unveiled its  2023 Digital Technology in the Not-for-Profit Sector Report revealing that the sector is largely ill-equipped to respond to a rapidly evolving digital landscape and respond to increasing service demand in the community.

Despite the Australian not-for-profit sector being responsible for employing more than 1.4 million Australians with 3.2 million volunteers and $190 billion in annual revenue, lack of digital capability and increasing cybersecurity risks are undermining the sector’s ability to address Australia’s largest humanitarian and social justice challenges.

Infoxchange CEO David Spriggs said, “It has never been more important to build the digital capabilities and resilience of the not-for-profit sector. As Australians bear the brunt of the cost-of-living crisis, this is putting greater pressure on not-for-profits and local community organisations who are at the front line in responding to record levels of service demand.”

In its eighth year, the annual survey saw its highest level of engagement from the sector, with more than 1,000 organisations providing insights into their use of digital technology to drive impact. Organisations in the survey range from homelessness and family violence services, community development organisations, disability service providers, disaster relief, First Nations-led organisations and more.

Some of the key findings include:

  • One in eight organisations surveyed in the report had experienced a cyber security incident in the past twelve months.
  • 23% have effective processes to manage information security in place, enabling staff and volunteers to understand how they can keep the organisation’s information safe.
  • 39% of organisations have implemented multi-factor authentication for all internet-facing systems with sensitive data, and only 13% of organisations agreed they have a clearly documented plan to improve cyber security protection.
  • 12% of NFPs regularly conduct cybersecurity awareness training and just 1 in 5 have a cybersecurity policy in place. These concerning findings underscore critical vulnerabilities within the sector, exposing it to security breaches, data losses, severe reputational harm and lack of trust from donors and funders.

The report comes amidst a plea from the Community Council of Australia to the Prime Minister highlighting the cybersecurity risks affecting Australian charities, emphasising that the 2023-2030 Australian Cyber Security Strategy discussion paper fails to acknowledge charities and not-for-profits, despite their significant contributions to the Australian workforce, GDP and community well-being.

“Despite this massive footprint in our economy and in our lives, charities and not-for-profits have not been provided with the support they need to deal with an increasingly sophisticated level of cyber-attacks. Unlike business, charities spend every spare dollar they can find on serving their communities. Allocating more resources to strengthen cyber security would mean reducing the level of services available in our communities. Many charities and NFPs struggle to withdraw services, even though cybersecurity is clearly an important priority,” said David Crosbie and Tim Costello AO from the Community Council for Australia.

Australia lags behind other countries in supporting the not-for-profit sector, with countries like Singapore and Canada launching Charities Capability Funds to enhance the digital capability of charities. Last year, Australia was crowned the “most hacked nation in the world” with evidence showing the NFP sector’s lack of resourcing greatly increases this risk.

You can read the full report here.


Comments are closed.