NFP sector calls for a seat at Canberra’s cyber-security table

Posted on 22 Nov 2023

By Greg Thom, journalist, Institute of Community Directors Australia

Cyber crime hacker

Sector leaders have called for the federal government’s new cyber-security blueprint to include targeted protection for not-for-profits and charities.

Canberra this week outlined its long awaited 2023–2030 Australian Cyber Security Strategy designed to better protect Australia from cybercrime.

The strategy includes plans announced by Home Affairs Minister Clare O’Neil to boost cybersecurity among small and medium businesses to help them defend against criminal groups exploiting their networks.

Business-focused cyber-safety initiatives announced by the government include:

  • $7.2 million to establish a voluntary cyber health-check program that will allow businesses to undertake a free tailored self-assessment of their cyber security maturity and access educational tools and materials they need to upskill.

  • $11 million to establish the Small Business Cyber Resilience Service to provide one-on-one assistance to help small businesses navigate their cyber challenges, including walking them through the steps necessary to recover from a cyber-attack.

"We understand the challenges that small businesses face in the complex world of cyber security, but they are not on their own,” said Ms O’Neil.

“The Australian Government’s cyber security strategy will make sure the support is available to help them understand and improve their own cyber security.”

“It’s critical that government works hand-in-hand with social sector organisations and charities to provide the right skills and infrastructure to Australia’s most vulnerable communities, ensuring they too are supported and protected.”
Infoxchange CEO, David Spriggs.

Technology-focused social enterprise Infoxchange welcomed Canberra’s commitment to cyber security, but said it was vital that NFPs be specifically included under the government’s protective cyber umbrella along with small business.

Infoxchange CEO David Spriggs said NFPs and charities were responsible for employing more than 1.4 million people, attracting 3.2 million volunteers, and contributing $190 billion to the national economy.

This meant the NFP sector was best placed to deliver cyber security education to vulnerable community members, Mr Spriggs said, but it was under enormous strain.

Infoxchange CEO David Spriggs.

The current economic climate has created enormous challenges for the sector as organisations struggle to meet increased demand for frontline support in everything from food relief to homelessness and domestic violence.

“It’s critical that government works hand-in-hand with social sector organisations and charities to provide the right skills and infrastructure to Australia’s most vulnerable communities, ensuring they too are supported and protected,” said Mr Spriggs.

His comments were echoed by Charities Minister Andrew Leigh.

“The past year has highlighted that all organisations are vulnerable to hacking and having their systems compromised,” said Mr Leigh.

“Given how important donations are to charities, ensuring that donor data and privacy isn’t compromised is obviously a top priority for the sector.”

The announcement of the federal government’s cyber-security plans comes hot on the heels of the Infoxchange 2023 Digital Technology in the Not-for-Profit Sector Report, which found many NFPs were highly vulnerable to cyber-attack.

Among the report’s key findings:

  • One in eight organisations admitted to experiencing a cyber security incident or breach.
  • Only 13% of organisations agreed they had a clearly documented plan to improve cyber security protection.
  • Less than one fifth of organisations had an information security policy outlining how they protect their information.
  • As few as 12% of organisations provide regular cyber security awareness training for staff.

The report also found that not-for-profits and charities were increasingly struggling to respond to the rising demand on the frontline, with many NFPs putting every dollar they can towards the communities they aim to help.

This leaves under-supported and under-resourced organisations dropping digital security down their list of priorities, potentially placing information security and sensitive data at risk.

Mr Spriggs said targeted support for the sector was vital to avoid crises such as the collapse this year of telemarketer Pareto Phone, which saw the dumping of donor details from more than 70 charities onto the dark web after it was hit by a malware attack.

“The Australian not-for-profit sector is under greater pressure to support the Australians who are bearing the brunt of the cost-of-living crisis,” said Mr Spriggs.

“Our report found concerning trends about the sector’s ability to measure impact and found critical technological barriers preventing stronger outcomes for the communities who need it most.”

More news

Become a member of ICDA – it's free!