Cyberthreats and cyberattacks against the nonprofit sector have grown exponentially in recent years. Data from Microsoft shows that NGOs received 23% of all threat notifications from 2018 to 2021. Nonprofits are seen as an attractive target because they possess valuable data yet often lack sufficient resources to defend against attacks. According to Microsoft, 31% of all nation-state actor notifications are sent to nonprofits, making it the second most targeted industry by nation-state attacks. Cyberattacks on nonprofits are thus increasingly frequent, targeted, and have a disproportionate impact on the people they serve – many of whom are already at extreme risk.
Vulnerability to cybersecurity breaches is an existential threat to nonprofits. Yet, NGOs remain woefully under-resourced to protect against cybersecurity risks. Many do not have the necessary expertise on staff as it requires additional human capital, dedication, discipline, and technical acumen to do so – all of which are in short supply across already overburdened NGOs. Moreover, nonprofits only have access to solutions designed for for-profit businesses in high income countries that are contractually retrofitted to nonprofit operations and budgets with a token discount (typically ~10%).
Based on a collective analysis within the NetHope Member community, most NetHope Members are aware of cyberthreats, but their information security activities score in the inadequate zone. Most are only able to be reactive, and even when they do react, their responses are inefficient, inconsistent, and ad-hoc.
NetHope’s Digital Protection program seeks to preserve program continuity for the 1.2 billion vulnerable people that NetHope Members serve through nonprofit cyber resiliency and capacity building. The program aims to deliver stronger protection of sensitive information and effective cyber defense at lower costs and with less effort. By addressing key gaps and barriers to nonprofit cybersecurity, the program seeks to reduce the likelihood of harm to beneficiaries, as well as the economic and/or reputational loss to nonprofits from cyber risks.
Our comprehensive approach focuses on four interdependent components to achieve lasting change in cybersecurity across the nonprofit sector. These include:
Over the next five years, our vision is for Members to improve their capacity to address information security deficits, increase their qualified technical staff, and make use of partner offers and threat landscape insights.
While NetHope Member organizations will serve as the initial test and scale group, all tools, services, trainings, standards, and frameworks that emerge will be adapted and scaled to fit the diversity of nonprofits for broader sector-wide change. Our approach will consider the unique contexts, disparate threats, and various business models in the nonprofit sector, which dictate everything from funding constraints to mission alignment of staff and governance. Our goal is to address the needs of both large and small actors in the ecosystem, including local partner organizations at the end of the value chain. NetHope is uniquely positioned to deliver sector-wide impact based on our twenty-year track record of enabling mission-driven nonprofits to better serve communities through the smarter use of data and technology.
 ZDNet, “Microsoft announces security programs for nonprofits as nation-state attacks increase.” October 21, 2021.