The Data Gap: Why Nonprofit Cyber Incidents Go Underreported - Dark Reading

THREAT INTELLIGENCE REMOTE WORKFORCE Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables. The Data Gap: Why Nonprofit Cyber Incidents Go Underreported Threat actors target nonprofits due to security gaps and highly coveted information, but a lack of sufficient data makes it difficult to grasp the entire picture. Arielle Waldman,Features Writer,Dark Reading March 13, 2026 2 Min Read SOURCE: ALEX SEGRE VIA ALAMY STOCK PHOTO Understanding the true scale of cyber threats against nonprofits is nearly impossible — not because attacks aren't happening, but because there is a lack of reliable ways to track them.  Unlike heavily regulated industries like healthcare or finance, nonprofits don't have consistent reporting requirements when breaches occur. The result is a fragmented picture that obscures the real danger these organizations face. It also makes it harder for them to build a case for increased support and resources.   We Need More Data In March 2025, Abnormal AI reported that advanced email attacks on nonprofit organizations grew by 35% over the previous year. During the same time frame, the email security company found a 50% increase in phishing attacks targeting nonprofits. Okta's "Nonprofits At Work 2025" report weaved a similar story; nonprofits ranked as the "second-most targeted industry" across the identity and access management (IAM) vendor's customer ecosystem. Related:Cyberattackers Don't Care About Good Causes Despite tidbits of nonprofit statistics, comprehensive data is tough to come by, explains Kelley Misata, Ph.D., CEO and founder of Sightline Security, which helps nonprofits bolster security by providing tools and education. Cybersecurity incidents against nonprofits are "significantly underreported" due to a range of factors, often appearing in the data as collateral damage from third-party attacks rather than as direct targets, she adds. "The short version: The data exists, but it's scattered, incomplete, and not always nonprofit-specific — and that's not a gap unique to us," Misata tells Dark Reading.   Methods to help nonprofits tackle cybersecurity challenges often involve throwing money at the problem, experts say. Though appreciated, nonprofits need more help than that. They require education, training, dedicated time, and to be taken seriously as a business — especially as economic uncertainties loom, insiders say. Despite these measurement challenges, security experts agree that waiting for perfect data isn't an option. Nonprofits need support now. Read "Cyberattackers Don't Care About Good Causes" for their recommendations.  Read more about: CISO Corner About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.     Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports The Agentic SOC: Exploring the Practitioner Mindset as AI Permeates SecOps The Total Economic Impact™ Of Google SecOps The Business Value of Google Threat Intelligence The Total Economic Impact™ Of Google SecOps AI-driven SecOps: Transforming Financial Services Security Access More Research Webinars Implementing CTEM: Beyond Vulnerability Management Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning Tips for Managing Cloud Security in a Hybrid Environment? Zero Trust Architecture for Cloud environments: Implementation Roadmap Security in the AI Age More Webinars You May Also Like THREAT INTELLIGENCE Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish by Jai Vijayan MAR 17, 2026 THREAT INTELLIGENCE Iran's Cyber-Kinetic War Doctrine Takes Shape by Alexander Culafi MAR 06, 2026 THREAT INTELLIGENCE React2Shell Exploits Flood the Internet as Attacks Continue by Rob Wright DEC 12, 2025 THREAT INTELLIGENCE Chinese Gov't Fronts Trick the West to Obtain Cyber Tech by Nate Nelson, Contributing Writer OCT 06, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge CYBER RISK Electricity Is a Growing Area of Cyber Risk APR 22, 2026 VULNERABILITIES & THREATS NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities APR 16, 2026 СLOUD SECURITY Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads APR 13, 2026 CYBERSECURITY OPERATIONS RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever APR 7, 2026 Read More The Edge