Nonprofits were never built to wage cyberwar. Their missions are rooted in feeding families, funding research, and sheltering communities. Yet behind the scenes, these same organizations have quietly become prime targets for attackers.
“We are being targeted because we have assets. We have sensitive data. We have money, of course,” said Pam Knott, Vice President of Data and Technology at the ALS Association.
Nonprofits typically handle millions in donations and store sensitive personal records. As a result, they now rank as the second-most-targeted industry for cyberattacks, trailing only the energy sector. But unlike energy giants, most nonprofits lack the infrastructure to fight back. Ninety-two percent operate on budgets under $1 million — barely enough to run programs, let alone fund cybersecurity teams.
So how do nonprofits defend themselves?
By keeping it simple.
That’s the guidance from Conor Mulherin, Vice President of Corporate Products and New Business at TechSoup, a nonprofit that supports more than 1.5 million organizations worldwide. Mulherin finds that most breaches begin with something small: a weak or stolen credential. That’s why identity and access management tools are among the most effective defenses a nonprofit can deploy.
Increasingly, nonprofits and corporations alike are moving toward a unified identity framework — one layer of security that surrounds every user, application, and device. It’s the foundation of zero trust, the principle that nothing and no one gains access without verification.
But building that foundation isn’t easy.
“When customers try to stitch these products together, they have to be experts in each one and how they interconnect,” said Jack Hirsch, Vice President of Product Management at Okta. “They leave open seams. They leave security gaps.”
Few organizations understand the stakes better than the ALS Association.
For years, the nonprofit operated under a federated model: roughly 40 chapters across the country, each running its own systems, tools, and data protocols. But that introduced complexity — and risk.
“So three years ago, we began to unify,” said Samantha Luke, Senior Director of Technology and Support at the ALS Association. “One org. One CRM. One everything.”
In a world where attacks multiply faster than staff can respond, the ALS Association needed a standardized, secure foundation. Okta’s platform provides that foundation — connecting and protecting every identity in one cohesive system.
And through Okta for Good, nonprofits gain access to Okta resources, such as expert guidance and enterprise-grade tools typically reserved for Fortune 500 companies. This allows nonprofits to focus more resources on their core missions.
Because when the mission is as big as feeding communities, curing diseases, or lifting people out of crisis, security isn’t just an IT issue.
It’s part of the mission itself.
