Erandhi Mendis and Peta Wyeth explore how strategic investment in education and sector-specific training can build a sustainable, inclusive cybersecurity workforce for Australia’s NFP sector.
Today’s threat actors will relentlessly target any organisation to serve their self-interests – including not-for-profits (NFPs) delivering essential community services across Australia. According to PwC’s Global Threat Intelligence team, the NFP sector has experienced a 59% rise in ransomware attacks in 2025, and the frequency of these cyberattacks will only grow as adversaries continue to probe the defences of NFPs and deploy increasingly sophisticated tactics to disrupt and cripple their operations.
Why the surge? The answer is simple: most NFPs lack the resources, technology and expertise that larger organisations possess to defend against cyber threats. More worryingly, cybersecurity awareness and access to training among NFP employees and volunteers remain low. According to Infoxchange, only 1 in 5 NPFs provide cybersecurity awareness training to their staff, leaving over 80% vulnerable to preventable breaches caused by human error or insider threats.
As security experts often say, an organisation’s defence is only as strong as its weakest link. Cutting-edge tools and technology are important, but they’re not enough in isolation. To build lasting resilience, NFPs must equip their workforce with the cybersecurity skills they need to respond and adapt with agility amidst this ever-evolving threat landscape.
Education is the foundation of resilience
One of the most common misconceptions is that cybersecurity is solely the responsibility of IT or leadership. The opposite is true: robust cyber resilience is only possible when every individual within an organisation practices good security habits and remains alert to potential threats that may target them. This is an important mindset shift because threat actors have persistently targeted individuals rather than systems, seeking to exploit lapses in judgment, human error or weak security practices.
A structured cyber awareness program is key to ensuring leaders, employees and volunteers understand the critical frontline role they play in building cyber resilience. These programs aim to foster continuous situational awareness and equip people with the skills and confidence they need to identify, respond to and report potential threats. When implemented effectively, they also help reduce internal resistance to necessary risk governance and stronger security processes – building a security-first culture that forms the foundation of lasting resilience for every NFP.
Sector-specific programs go a step further by offering courses tailored to the knowledge levels and technical capabilities of NFP employees. Beginner-friendly options, such as the UTS Cyber Resilience Program at the University of Technology Sydney, help staff and volunteers build confidence through self-paced modules that teach practical techniques applicable to their daily work. This approach gives NFPs flexibility to schedule training while keeping focus on community service.
Empowerment follows education
Due to their limited budgets and resources, NFPs need high-impact solutions that are simple and cost-effective. We typically advise NFPs and similarly sized organisations to focus on a few essential, cost-efficient measures:
- Cybersecurity posture assessments: Comprehensively evaluates organisational readiness, technical controls and response capabilities to identify gaps and prioritise areas for improvement
- Multi-factor authentication: A simple yet highly effective safeguard that adds two or more layers of verification beyond passwords before granting access
- Secure backup and recovery: Protects mission-critical data by creating encrypted, immutable backups stored in secure locations to ensure rapid recovery after an attack
- Zero Trust principles: Enforces a ‘never trust, always verify’ approach that treats every user, device and application as a potential threat until authenticated and authorised – out of sheer necessity
- Regular software updates: Mitigates common vulnerabilities by keeping systems and applications consistently patched and protected through a regular update schedule
Successful implementation relies on effective training. When staff understand the purpose and urgency of security initiatives, they are more likely to adopt best practices and treat cybersecurity as part of their daily responsibility – not an added burden. Without that foundation, even the best tools and processes risk being overlooked or inconsistently applied.
By pairing cybersecurity training with an essentials-first approach, Australian NFPs build the foundational maturity needed to withstand evolving cyber threats – without the expense of large security teams or complex solutions. From this solid base, NFPs can progressively strengthen defences by adopting specialised tools and developing ongoing cybersecurity skills programs that keep their people ready for emerging risks.
Threat actors will continue to target Australia’s charities and community organisations, but the sector is far from defenceless. With mission-critical focus and the right training, NFPs can cultivate a sustainable, resilient and cyber-aware workforce. Empowered through education, they’ll be better prepared to safeguard essential services and keep community work running, whatever comes next.
Read also: 5 things NFP boards can do for better cybersecurity
Erandhi Mendis
Erandhi Mendis is the Social Impact, Government Affairs and Policy Leader for Kyndryl Australia and New Zealand, the world's largest managed services IT provider. With increasing national focus on ESG reporting and regulatory compliance, Erandhi also guides the organisation’s alignment with Australian frameworks for social procurement, modern slavery and reconciliation.
Before Kyndryl, Erandhi has led initiatives of national significance, including a $1 million disaster-relief program for communities affected by the Australian bushfires and the design and launch of a Veteran Reskilling initiative at Parliament House. She completed postgraduate studies at the University of Melbourne, graduating with First Class Honours in Educational Neuroscience.
Erandhi brings expertise in social investment, policy innovation and the creation of public–private partnerships that drive measurable impact for communities and the environment. She was the first Australian to receive an Association of Corporate Citizenship Professionals Purpose Award and was nominated as a Rising Star in the ARN Women in ICT Awards in both 2022 and 2023. Erandhi is a recipient of a Women in Leadership Scholarship and a current Fellow with the Social Impact Hub.
Peta Wyeth
Peta is a computer science researcher internationally recognised in the field of human-computer interaction (HCI), employing techniques from the fields of interaction and experience design, computer science, psychology and sociology in the design of educational and entertainment technology.
Peta joined UTS in 2023 as the Dean for the Faculty of Engineering and Information Technology. She has a strong record of academic administration and leadership, and before joining UTS, she was Deputy Dean in the Faculty of Science and Head of School for the School of Computer Science at Queensland University of Technology.
Peta has secured over $37.5M in funding to undertake multidisciplinary HCI research and has led research programs in the ARC Centre of Excellence for the Digital Child. She was the 2022 Winner of the Women in Technology Professional Technology Leadership Award in recognition of her championing of diversity and inclusion initiatives.
Peta holds a Degree in Information Technology (1st Class Honours) and a PhD in Computer Science, both from the University of Queensland.
Trending
Popular
