Nonprofits aren’t nice-to-haves. They’re critical infrastructure, providing essential services such as disaster relief, food security, and youth mentorship to communities, regions, and countries.
But this vital work has made these organizations a prime target for cybercriminals. The digital platforms nonprofits rely on to further their missions are packed with the very data hackers want: personal information of the people the organizations serve, the financial records of their donors, and more.
Hackers want in, and it shows.
Okta’s Businesses at Work 2025 report reveals that nonprofits are the second-most attacked industry after the energy, mining, oil, and gas sector.
Recent data from NetHope, a consortium that helps nonprofits use technology to further their respective missions, notes that nonprofits are reporting an increase in the types and frequency of cyberattacks.
According to the organization’s 2025 State of Humanitarian and Development Cybersecurity Report, phishing and account compromise surged to affect 94% of organizations in 2025, up from 74% the previous year. Digital financial fraud also increased, impacting 45% of organizations, compared to 35% in 2024. While insider threats remained a concern at 26%, new threats like mercenary spyware emerged, reported by 16% of respondents.
And it’s not just their data that makes nonprofits tempting targets. It also comes down to what they don’t have.
As Dianna Langley, NetHope’s Interim Chief Executive Officer and Chief Operating Officer, explains, "Nonprofits are caught in an impossible squeeze with their cybersecurity budgets flatlining while facing an explosion of sophisticated threats that target the organizations that serve our most vulnerable populations.”
Bret Pudenz, a senior director of engineering at the nonprofit CarePortal, a care-sharing platform connecting caseworkers and communities with families in crisis, echoes this assessment.
"Almost surely it’s the lack of staff and resources to protect themselves," he says. "If you're a hacker, the primary thing you’re going to look for is weak points in any system. Nonprofits are probably one of those spots."
Rethinking the corporate social responsibility model
Understanding the vital role nonprofits play, technology companies have long sought to help resource-strapped organizations through generous software donations. However, these well-intentioned donations create a paradox: The very resource gaps that make nonprofits vulnerable can also prevent them from successfully deploying and managing new tech. And when it comes to security, even the most powerful solution is only as effective as its implementation.
To bridge this gap, a new model of corporate social responsibility is needed, one that recognizes the importance of pairing new tech with expertise. This reimagined approach is the driving force behind programs such as Okta for Good’s Technical Services for Nonprofits.
“Nonprofits are vital parts of our social infrastructure, which means their digital security is public security,” says Remy Champion, director leading the Okta for Nonprofits team. “Our approach is to provide hands-on technical support alongside our product to help ensure these organizations can securely achieve their missions and continue to protect and uplift the communities they serve.”
CarePortal is a care-sharing platform connecting caseworkers and communities with families in crisis. (Photo courtesy of CarePortal)
Forging partnerships on the journey to Zero Trust
CarePortal’s experience reflects both the challenges nonprofits face and the benefits Okta’s approach to security support yields. Brad Pudenz says the organization’s small but mighty technical team was in a race to strengthen its security posture. Like any growing company, CarePortal wrestled with a patchwork of password policies and security tools, as well as onboarding and offboarding.
Pudenz says for years, team members had been “banging the drum” for a more unified security solution; however, without one person dedicated to security, that effort had trouble gaining momentum. That all changed when cloud architect Ehsan Deihim joined CarePortal in the summer of 2024. The two began laying the groundwork for a new security strategy, starting with a crucial question: Who owned security at CarePortal?
“We came up with this idea that every one of us has to become a security expert, and we established this Zero Trust philosophy,” Deihim says. This new mindset revealed a critical gap in their infrastructure. “In order to build this concrete Zero Trust, we definitely needed identity management and an authentication and verification layer."
The team began evaluating their options, landing on the Okta for Good nonprofit program, which offers not just a solution but also the support to get it up and running.
One year later: mission enabled
Today, CarePortal has swapped a patchwork of siloed tools for what Pudenz describes as a “single pane of glass” approach to identity and security. This unified view has changed how CarePortal’s small technical team works. They can now monitor threats, onboard new users, and enforce security policies all in one place, freeing them to focus on what matters the most — furthering the organization’s mission.
“By simplifying the process, we're able to move those resources over to other products and continue to strengthen our security posture in AWS, in GitLab, and other products,” Pudenz says. “And that's just valuable.”
The newfound efficiency enables the team to continue to grow and scale its platform, allowing the staff to fulfill CarePortal’s mission without compromising on security or resources.
This kind of outcome demonstrates the power of collaboration, be it across sectors, like the partnership between Okta and CarePortal, or across missions.
“The nonprofits that will survive and thrive are joining collaborative defense ecosystems that transform scarcity into strength,” NetHope’s Dianna Langley says, citing the organization’s Global Humanitarian ISAC program as an example. “They are finding resilience by sharing what they know about threats, learning from each other's mistakes, and pooling their limited resources. By working together, they don't just defend better, they recover faster when things go wrong.”
