Charities in fear of cybercrime: report
Posted on 06 Sep 2023
By Greg Thom, journalist, Institute of Community Directors Australia
One in five Australian charities and not-for-profits fears that a cyber security attack would devastate their organisation, according to a new report.
The Australian Nonprofits State of the Sector 2023 report also revealed that 8% of survey participants admitted they had been affected by a cyber security incident in the past 12 months.
The disturbing findings come in the wake of the Pareto Phone data breach in which the personal details of more than 50,000 charity donors were released to the dark web by cyber hackers.
Among up to 70 charities affected were the Fred Hollows Foundation, Amnesty International, the Australian Conservation Foundation and the Cancer Council.
The Pareto breach comes as the Office of the Australian Information Commissioner (OAIC) released its latest Notafiable Data Breaches Report.
There were 409 data breaches reported to the OAIC in the six months to June 2023 with 42 per cent classified as cyber security incidents.
The sector report surveyed 830 organisations registered with the Australian Charities and Not-for-profits Commission on issues ranging from the impact of covid on fundraising to their level of digital competency and cyber security training and capabilities.
Key findings included:
- Two out of three NFPs reported a drop in funds raised in FY2022–23 compared to FY2021–22.
- Half of NFPs surveyed said covid had negatively affected their fundraising efforts.
- More than half (57 per cent) categorised their organisation’s digital competency as “average” while 31% acknowledged it needed to be improved.
- Just one in three NFPs said they are compliant with data privacy regulations.
- The vast majority of NFPs (92%) said they did not want to accept cryptocurrency donations.
The report also revealed that organisations with deductible gift recipient (DGR) status, which allows donors to claim tax breaks on their contributions, were twice as likely to have company giving partnerships as non-DGR charities.
The report, sponsored by social enterprise Little Phil and prepared on behalf of the Charity Research Centre Australia, includes input from experts from across the sector.
They include Professor Myles McGregor-Lowndes of the Australian Centre for Philanthropy and Nonprofit Studies at QUT; the director of the Centre for Public Value at the University of WA Business School, Professor David Gilchrist, and the CEO of technology-focused social enterprise Infoxchange, David Spriggs.
The report builds on insights from the 2020 State of the Industry Survey – Impacts of COVID-19 on Nonprofit Fundraising, but delves deeper into the sector’s digital and cyber security capabilities.
Researchers found the unprecedented challenges brought about by the pandemic highlighted the digital shortcomings of NFPs and charities.
“As the world rapidly embraces a digital-first approach, nonprofits without adequate digital capabilities face inherent risk,” the report’s authors said.
“These risks are further amplified for organisations lacking cybersecurity training and robust systems, leaving such parties as beneficiaries, employees, donors and sensitive information vulnerable to cyber criminals.”
The report described the responses to questions relating to cyber security threats as “alarming”, with 20 per cent of those surveyed agreeing a cyber attack would “completely devastate” their organisation.
Even though organisations feared the consequences of a cyber attack, there was a “worrying lack of cyber security training and resources available to nonprofit organisations.”
More than 80% of survey participants admitted to having had no recent cybersecurity training and 88% said they had devoted none of their budget to protecting themselves against cyber threats.
“This clarifies why many organisations have demonstrated what is perceived to be a low understanding of data handling privacy and what the potential impacts of a cyber security incident may have on their organisation,” the report found.
“As the world rapidly embraces a digital-first approach, nonprofits without adequate digital capabilities face inherent risk,”
Fundraising battered on multiple fronts
Two out of three charitable organisations polled (64%) reported a decline in fundraising dollars coming in in the 12 months to June 30, 2023, compared to the previous financial year.
The report said factors ranging from the war in Ukraine to rising inflation and interest rate hikes had contributed to donors being more conservative in their giving, making fundraising challenging over the past year.
While 75.2% of charitable organisations in the 2020 report predicted covid would negatively affect their fundraising efforts, this fell to about 50% in the most recent study based on more solid evidence.
About 5% of survey participants, most likely health-related NFPs and those working in pandemic relief, reported that the impact of covid had helped increase their fundraising.
The sector goes digital
Charities’ and NFPs’ operations are expected to be carried out increasingly online, as fundraising, digital payments and government reporting systems all transition from analog systems.
Despite the pandemic ushering in a new era of working from home, two-thirds of survey participants said they were not concerned about potential cyber security and data privacy issues related to workers accessing systems remotely.
The report’s authors said the potential for cyber attacks to devastate NFP organisations and erode the trust of donors and beneficiaries who relied on their services was “significant.”
This could in turn lead to the exploitation of some of Australia’s most vulnerable citizens.
Emerging giving trends
While company giving was identified as a growing segment of fundraising in Australia, 83 per cent of charities and NFPs reported having no company giving partnerships.
DGR-registered organisations were twice as likely to be in company giving partnerships as non-DGRs.
Researchers suggested this discrepancy could be attributed partly to a lack of resources that could be used to secure partnerships in smaller non-DGR organisations, and possibly tax incentives that encouraged more companies to give to DGR-endorsed charities.
No love for cryptocurrency
Just 8% of survey participants said they already accepted cryptocurrency donations or would be happy to do so.
Researchers said this low number was unsurprising given the decline in value of the cryptocurrency market and negative media segment toward digital currencies.
The lack of training in cybersecurity and digital capabilities could also be contributing to a fear of accepting donations via emerging technologies and channels.
Next steps
The report’s authors said the survey results demonstrated “a severe lack of training, knowledge and resources” to ensure NFPs were equipped to fundraise and operate in a digital world.
They made several recommendations to address that situation, including these:
- NFPs and responsible persons (such as those on NFP boards) should audit their digital operations.
- NFPs should invest in training and support.
- Governments should provide education services designed to increase NFP digital and cybersecurity capabilities.
- Governments should provide funding for NFPs to secure “mission critical” digital solutions and services.
- Donors and philanthropists should cover the costs of protecting NFPs’ sensitive data against cyber-crime.
- Donors and philanthropists should insist that NFPs use secure digital methods of processing donations.
Little Phil co-founder and CEO Josh Murchie said that data-driven decision-making was pivotal in driving positive change and that the report would be a vital resource for the not-for-profit sector.
"This research sheds light on the challenges and opportunities facing nonprofits in Australia, and it will undoubtedly serve as a valuable guide for organisations striving to make a positive impact in our society."
More information
Download the Australian Nonprofits State of the Sector 2023 report