Understanding the true scale of cyber threats against nonprofits is nearly impossible \u2014 not because attacks aren’t happening, but because there is a lack of reliable ways to track them. <\/p>\n\n\n\n
Unlike heavily regulated industries like healthcare or finance, nonprofits don’t have consistent reporting requirements when breaches occur. The result is a fragmented picture that obscures the real danger these organizations face. It also makes it harder for them to build a case for increased support and resources. <\/p>\n\n\n\n
In March 2025, Abnormal Security reported that advanced email attacks on nonprofit organizations grew by 35%<\/a> over the previous year. During the same time frame, the email security company found a 50% increase in phishing attacks targeting nonprofits.<\/p>\n\n\n\n Okta’s “Nonprofits At Work 2025”<\/a> <\/a>report<\/a> weaved a similar story; nonprofits ranked as the “second-most targeted industry” across the identity and access management (IAM) vendor’s customer ecosystem.<\/p>\n\n\n\n Despite tidbits of nonprofit statistics, comprehensive data is tough to come by, explains Kelley Misata, Ph.D., CEO and founder of Sightline Security, which helps nonprofits bolster security by providing tools and education. Cybersecurity incidents against nonprofits are “significantly underreported” due to a range of factors, often appearing in the data as collateral damage from third-party attacks rather than as direct targets, she adds.<\/p>\n\n\n\n “The short version: The data exists, but it’s scattered, incomplete, and not always nonprofit-specific \u2014 and that’s not a gap unique to us,” Misata tells Dark Reading. <\/p>\n\n\n\n Methods to help nonprofits tackle cybersecurity challenges often involve throwing money at the problem, experts say. Though appreciated, nonprofits need more help than that. They require education, training, dedicated time, and to be taken seriously as a business \u2014 especially as economic uncertainties loom, insiders say.<\/p>\n\n\n\n Despite these measurement challenges, security experts agree that waiting for perfect data isn’t an option. Nonprofits need support now.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":" Understanding the true scale of cyber threats against n […]<\/p>\n","protected":false},"author":2,"featured_media":3066,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-3065","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category--en"],"_links":{"self":[{"href":"https:\/\/moonsshieldhk.com\/index.php\/wp-json\/wp\/v2\/posts\/3065","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/moonsshieldhk.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/moonsshieldhk.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/moonsshieldhk.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/moonsshieldhk.com\/index.php\/wp-json\/wp\/v2\/comments?post=3065"}],"version-history":[{"count":0,"href":"https:\/\/moonsshieldhk.com\/index.php\/wp-json\/wp\/v2\/posts\/3065\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/moonsshieldhk.com\/index.php\/wp-json\/wp\/v2\/media\/3066"}],"wp:attachment":[{"href":"https:\/\/moonsshieldhk.com\/index.php\/wp-json\/wp\/v2\/media?parent=3065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/moonsshieldhk.com\/index.php\/wp-json\/wp\/v2\/categories?post=3065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/moonsshieldhk.com\/index.php\/wp-json\/wp\/v2\/tags?post=3065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}