The Data Gap: Why Nonprofit Cyber Incidents Go Underreported

Source: Dark Reading (archived Mar 16, 2026)

Threat actors target nonprofits due to security gaps and highly coveted information, but a lack of sufficient data makes it difficult to grasp the entire picture.

Arielle Waldman, Features Writer, Dark Reading
March 13, 2026

Understanding the true scale of cyber threats against nonprofits is nearly impossible — not because attacks aren't happening, but because there is a lack of reliable ways to track them.

Unlike heavily regulated industries like healthcare or finance, nonprofits don't have consistent reporting requirements when breaches occur. The result is a fragmented picture that obscures the real danger these organizations face. It also makes it harder for them to build a case for increased support and resources.

We Need More Data

In March 2025, Abnormal Security reported that advanced email attacks on nonprofit organizations grew by 35% over the previous year. During the same time frame, the email security company found a 50% increase in phishing attacks targeting nonprofits. Okta's "Nonprofits At Work 2025" report weaved a similar story; nonprofits ranked as the "second-most targeted industry" across the identity and access management (IAM) vendor's customer ecosystem.

Despite tidbits of nonprofit statistics, comprehensive data is tough to come by, explains Kelley Misata, Ph.D., CEO and founder of Sightline Security, which helps nonprofits bolster security by providing tools and education. Cybersecurity incidents against nonprofits are "significantly underreported" due to a range of factors, often appearing in the data as collateral damage from third-party attacks rather than as direct targets, she adds.

"The short version: The data exists, but it's scattered, incomplete, and not always nonprofit-specific — and that's not a gap unique to us," Misata tells Dark Reading.

Methods to help nonprofits tackle cybersecurity challenges often involve throwing money at the problem, experts say. Though appreciated, nonprofits need more help than that. They require education, training, dedicated time, and to be taken seriously as a business — especially as economic uncertainties loom, insiders say.

Despite these measurement challenges, security experts agree that waiting for perfect data isn't an option. Nonprofits need support now. Read "Cyberattackers Don't Care About Good Causes" for their recommendations.

About the Author

Arielle Waldman, Features Writer, Dark Reading

Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.