Authored by Baker Tilly's Norris James
CHICAGO, IL / ACCESS Newswire / October 10, 2025 / Not-for-profit (NFP) leaders and boards are confronting a growing and often unseen threat: cyber and fraud risk. No longer confined to the information technology (IT) department, cybersecurity and fraud incidents now erode organizational trust, disrupt essential operations, drain financial resources and jeopardize the very mission not-for-profits serve. Ransomware can paralyze donor databases, phishing schemes can reroute critical funds and data breaches can expose supporter information, putting relationships and reputations at risk.
The lesson is clear: cyber and fraud risk is not just about systems, it is about stewardship. For not-for-profit management and board members, the real test lies not in how firewalls are configured, but in how governance is exercised. Cyber resilience must be treated as an essential facet of fiduciary duty; mission continuity depends on it.
The expanding cyber risk landscape
Today's cyber risks are more sophisticated, interconnected and consequential than ever. Key challenges for NFPs include:
External threats: Advanced phishing and ransomware campaigns that target unsuspecting users and fundraising platforms
Internal threats: Fraud tied to vendor payments, treasury operations or credit card misuse, often enabled by weak oversight
Converging risks: Cyber incidents that seamlessly evolve into financial crimes, combining technical disruption with regulatory penalties, legal liabilities and reputational fallout
Emerging vulnerabilities: AI-driven phishing campaigns, third-party vendor exposures and cloud misconfigurations extending risk beyond the organization's perimeter
The implications are profound: cyber risk has evolved beyond a technical hazard managed by IT departments. It is now a governance priority, requiring an integrated oversight model that aligns asset protection, layered defenses, threat detection and response, financial controls and mission resilience under the board's stewardship.
Smarter strategic questions
Leadership elevates oversight, clarifies strategic priorities and ensures resilience is built into organizational decision-making. Smarter strategic questions can be grouped into four key domains:
Assets and access
What are our most critical digital and financial assets, and who can access them?
Resilience and response
If our first line of defense failed, what safeguards would remain?
How quickly would we detect and contain a breach or fraudulent transaction?
Reputation and confidence
What aspects of our reputation are most vulnerable during a cyber incident?
Are our cybersecurity investments proportionate to our actual risk exposure or driven by vendor marketing?
Governance and culture
How actively is our board engaged in scenario planning for a live cyber or fraud event?
What cultural signals do leaders send daily, reinforcing vigilance or tolerating complacency?
These are not technical questions; they are governance questions that determine whether cyber resilience remains siloed within IT or becomes part of the organization's long-term strategic foundation.
Governance as the linchpin
Time and again, fraud risk exposure in not-for-profits traces back not to outdated technology, but to lapses in governance. Common gaps include:
Inconsistent or absent policies for vendor approvals, treasury authority, bank signatories and expense disbursements
Weak access controls across donor, payroll, vendor and payment platforms
Lack of segregation of duties, leaving organizations vulnerable to insider misuse or unintentional error
Without disciplined governance, even the most advanced cybersecurity tools can fail to protect an organization. With effective governance, technology becomes part of a broader culture of structural resilience that protects trust and mission.
A cyber resilience agenda: Four imperatives
To strengthen defenses and sustain trust, not-for-profit leaders should embrace a targeted resilience agenda, elevating cyber oversight as a strategic priority at the board level:
See through assumptions (assess vulnerabilities): Commission independent reviews that test not only systems but also controls, policies and oversight processes. Never assume defenses are sufficient until proven.
Close governance blind spots (strengthen governance): Codify and enforce financial and operational policies that eliminate structural weaknesses. Ensure that accountability frameworks connect fraud prevention, cyber oversight and fiduciary responsibility.
Invest with strategy, not hype (invest wisely in technology): Deploy advanced tools, such as endpoint detection, behavioral monitoring or incident response automation, where evidence shows actual risk exposure. Always integrate new tools within a layered defense strategy rather than relying on silver-bullet fixes.
Build a culture of vigilance (instill awareness): Cyber resilience is not episodic. It requires daily reinforcement through tone at the top, staff education and accountability mechanisms that normalize vigilance rather than treating it as an exception.
The leadership imperative
The reality is simple: cyber risk is not an IT problem; it is a leadership and board governance problem. It directly challenges donor confidence, financial integrity and mission continuity, making cyber resilience inseparable from fiduciary duty.
The defining question for every not-for-profit leader is: In safeguarding our digital and financial systems, are we truly protecting our mission?
Leaders who can answer "yes" will do more than defend infrastructure: they embed vigilance into governance, align investments with real risk and build resilience into strategy. Ultimately, these leaders won't be defined by the cyber threats they faced, but by the trust they upheld and the mission impact they sustained.
Baker Tilly can help
Our NFP-specialized cyber risk team can help your organization proactively protect and address its cybersecurity and IT risks. We can evaluate your current controls, deliver recommended improvements and provide assurance that your cybersecurity controls are working. Beyond cybersecurity, our board governance services facilitate enhanced decision-making and reinforce effective risk management practices.
Contact our team to learn more about how we can help drive your mission forward.
View additional multimedia and more ESG storytelling from Baker Tilly on 3blmedia.com.
Contact Info:
Spokesperson: Baker Tilly
Website: https://www.3blmedia.com/profiles/baker-tilly
Email: info@3blmedia.com
SOURCE: Baker Tilly
View the original press release on ACCESS Newswire:
https://www.accessnewswire.com/newsroom/en/business-and-professional-services/building-mission-resilience-enhancing-cyber-and-fraud-risk-gover-1085421