Understanding the true scale of cyber threats against nonprofits is nearly impossible — not because attacks aren't happening, but because there is a lack of reliable ways to track them.
Unlike heavily regulated industries like healthcare or finance, nonprofits don't have consistent reporting requirements when breaches occur. The result is a fragmented picture that obscures the real danger these organizations face. It also makes it harder for them to build a case for increased support and resources.
We Need More Data
In March 2025, Abnormal Security reported that advanced email attacks on nonprofit organizations grew by 35% over the previous year. During the same time frame, the email security company found a 50% increase in phishing attacks targeting nonprofits.
Okta's "Nonprofits At Work 2025" report told a similar story; nonprofits ranked as the "second-most targeted industry" across the identity and access management (IAM) vendor's customer ecosystem.
Despite tidbits of nonprofit statistics, comprehensive data is tough to come by, explains Kelley Misata, Ph.D., CEO and founder of Sightline Security, which helps nonprofits bolster security by providing tools and education. Cybersecurity incidents against nonprofits are "significantly underreported" due to a range of factors, often appearing in the data as collateral damage from third-party attacks rather than as direct targets, she adds.
"The short version: The data exists, but it's scattered, incomplete, and not always nonprofit-specific — and that's not a gap unique to us," Misata tells Dark Reading.
Methods to help nonprofits tackle cybersecurity challenges often involve throwing money at the problem, experts say. Though the money is appreciated, nonprofits need more help than that. They require education, training, and dedicated time, and they need to be taken seriously as a business — especially as economic uncertainties loom, insiders say.
Despite these measurement challenges, security experts agree that waiting for perfect data isn't an option. Nonprofits need support now. Read "Cyberattackers Don't Care About Good Causes" for their recommendations.