Tech for Good: Investing in Nonprofit Cybersecurity

The nonprofit sector is the 2nd most targeted for cyberattacks, and a breach can have devastating consequences. It’s a problem we can expect to get worse, not better: the World Economic Forum recently identified cyber insecurity as one of the top 10 global risks over the next 10 years.

Despite this atmosphere of heightened risk, 70% of nonprofits report not having incident response capabilities in case of a cyberattack, and a lack of diversity in the industry means that the communities most vulnerable to cyber threats are underrepresented in the field.  

Cybersecurity is a social justice issue, and it’s one where technology professionals and funders can have a huge impact. By investing in nonprofit cybersecurity, we can defend mission-driven organizations against the increasing threat of cyberattacks and protect the communities they serve.  

To Protect Communities, Invest in Nonprofit Resilience

For public institutions and nonprofits, a cyberattack can be disastrous — and 41% of nonprofits report having been victims of a cyberattack within the past three years. These attacks can interfere with nonprofits’ ability to deliver critical social services such as access to healthcare and transportation, directly endangering the communities they serve.  

In addition to causing sensitive data leaks, financial losses, and legal liabilities, a cyberattack can interrupt operations, diverting resources away from an organization’s mission to deal with the fallout. Most nonprofits lack deep cybersecurity capabilities: at Tides, many of our nonprofit partners say the lack of resources and bandwidth make it challenging to address even the most basic cybersecurity needs.  

Alongside our partner Okta, we are resourcing nonprofits to build their cybersecurity capacity through the Okta for Good Fund, whose vision is to build a safely connected world where everyone can belong and thrive.   

Part of the Okta for Good Fund’s new $50 million commitment to provide unrestricted multi-year funding to nonprofits will go to its longtime partner, the CyberPeace Institute, whose mission is to reduce the harms from cyberattacks on people’s lives worldwide. By promoting and enabling coordinated, cross-sector support, they help address the information security needs of nonprofit agencies and the world’s most vulnerable communities. They accomplish this by providing nonprofits with free, tailored cybersecurity assistance, threat landscape analysis, and advanced threat alerts. “As cyber threats continue to be one of the greatest risks for the upcoming decade, safeguarding the entire digital ecosystem is critical to building a more secure world,” said Victor Cordon, Director of Social Impact at Okta. 

In line with its belief that the technology sector has a collective responsibility to improve tech access and capabilities for all, Okta also advances cybersecurity for nonprofits and communities by supporting NetHope’s Global Humanitarian Information Sharing & Analysis Center (ISAC) — a first-of-its-kind public-private partnership created to better protect nonprofits from rising cyberthreats. Leveraging partners’ expertise, ISAC offers nonprofits training, tools to respond to attacks, and information sharing on threats to build their capacity and enable them to increase their mission critical work.  

With everyone at the table, including tech companies, nonprofits, governments, and funders, we can design more effective cybersecurity solutions that empower and better protect at-risk communities. 

Close the Cybersecurity Workforce Gap With a Diverse Talent Pipeline

To ensure that the communities most vulnerable to cyberthreats are part of the solution, we need to increase diverse representation in the cybersecurity industry. Diversity within the cyber industry continues to lag, with only 24% of employees identified as women, 9% as Black, and 4% as Hispanic. The significant workforce gap in the field presents an opportunity to change these statistics. 

Education pathways are a natural and effective entry point for engaging people of diverse backgrounds to develop cybersecurity skills, and in 2021 the Consortium of Cybersecurity Clinics was established to support and promote the growth of the cybersecurity clinic model at higher education institutions. These clinics build students’ skills, who then provide free digital security services to underresourced nonprofit, community and infrastructure organizations, similar to the free community clinics offered by some law schools. This approach not only helps train the leaders of tomorrow, but it also delivers much needed cybersecurity services today.  

In 2023, Google.org created the $25M Google Cybersecurity Clinics Fund to support the expansion of the Consortium’s clinic footprint and worked alongside Tides to administer an open call and deploy grant funding for 25 new clinics across the country. In addition to the grants, Google.org offers optional pro-bono support and volunteer mentorship from Google employees. The Consortium further supports clinics with a wealth of resources such as curriculum ideas, guides, and community to build their programs. Housed in a range of institutions, including minority-serving institutions, rural-serving institutions, and both 2- and 4-year institutions, these clinics engage diverse student populations and communities. When announcing 15 new clinics receiving grants this past June, Heather Adkins, VP of Security Engineering at Google noted, “The world is in a moment where emerging technologies like AI are creating both new opportunities and threats in the world of cybersecurity. It’s essential that we invest in growing a strong, diverse and widespread cybersecurity workforce to help protect everyone — from critical infrastructure to small businesses and schools.”

There was an incredibly high response to the fund’s grant open call, affirming that this model has great potential for impact and resonates with local youth, communities, and leaders.  

In 2023, Google.org created the $25M Google Cybersecurity Clinics Fund and worked alongside Tides to administer an open call and deploy grant funding for 25 new clinics across the country.

Board Leadership Can Strengthen Nonprofits’ Digital Readiness

Every nonprofit needs a dynamic, connected board, sensitive to the particular needs of nonprofits. Cybersecurity is one such need. In fact, only 1 in 4 nonprofits report having a defined strategy for achieving digital readiness, and only about half of those actually have the resources to implement their strategy. 

To address this gap, Tides has partnered with Board.Dev, a social enterprise focused on building tech capacity in the nonprofit sector through tech board leadership. They place tech leaders on nonprofit boards, deliver tech governance tools and training, and help coordinate tech standards for the sector. A nonprofit-centric and connected board leader can be critical in developing transformative digital goals and heightened cybersecurity to serve the impact of their mission. Earlier this summer, Tides was proud to co-host an event with Okta and Board.Dev, to spotlight local nonprofit tech board leadership and set the tangible goal of delivering a tech-focused board member to every Bay Area nonprofit by 2027.  

Nonprofit boards need new voices that center community equity to help organizations make strategic and pragmatic technology decisions that will digitally protect them and the communities they serve. 

Collaboration Is Key

Cybersecurity crosses sectors, industries, and borders – and we know there is strength in public and private entities working together, sharing and combining tools, expertise, and voices. We see this in the work Okta is doing with the CyberPeace Institute and NetHope’s ISAC, in Google’s collaboration with the Consortium of Cybersecurity Clinics, and Board.dev’s model of bringing cybersecurity tech professionals to nonprofit leadership. In all cases, allies are supporting one another and advancing adoption of critical cybersecurity practices. Investing funds, time, and skills to strengthen nonprofit cybersecurity through channels like capacity building, a diverse talent pipeline, and nonprofit governance will protect vulnerable communities and build a more secure world.  

Tides is ready to help funders and tech professionals connect with, design, and deliver work that strengthens cybersecurity for mission-driven organizations. To learn more, contact us.