The high-leverage controls first
MFA across every account, immutable or MFA-protected backups with a tested restore, and quarterly phishing simulation — the controls that move an application most per dollar.
Nonprofits · associations · membership
Nonprofits and member organizations hold donor, member, and beneficiary data that attackers value, usually on the leanest IT budgets on this list. Carriers and grantmakers apply the same control expectations regardless — so the smart move is to lead with the controls that cost the least and move the most.
The exposure
Donor and member PII is the asset; a stretched, part-time IT setup is the gap. The forms reward MFA everywhere, MFA-protected or immutable backups with a tested restore, and phishing simulation — none of which require a big budget, all of which we operate so your staff don't have to.
The program
The same managed security program we run for every client — 24/7 SOC-monitored detection, identity protection, and security awareness training, operated end-to-end — tuned to nonprofits & associations.
A 24/7 SOC watching every endpoint, so a small or volunteer-run team isn't the only thing standing between a phish and a donor-data breach.
The documentation grantmakers and cyber carriers increasingly ask for, assembled as a byproduct of the service rather than a separate project.
Foundation EDR is per device with no minimum, so a small nonprofit pays for exactly the devices it runs; the fuller per-seat tiers are there when you grow.
Further reading
CISSP-led guides on the threats, compliance, and controls that apply to nonprofits & associations — the detail behind the program above.
Nonprofits face the same attacks as any business on a fraction of the budget. There's no nonprofit-specific cyber law — but PCI, grant requirements, and state breach laws still bite. The high-leverage, low-cost controls that matter.
Read the guide
FAQ
There's no nonprofit-specific cybersecurity law, but PCI DSS applies if you take card donations, federal grant recipients must take reasonable safeguarding measures under the Uniform Guidance (2 CFR 200.303), and state breach-notification laws cover donor and member data.
Ransomware and donor-data theft, usually on a tight budget. Lean, part-time, or volunteer IT makes nonprofits a soft target. MFA, tested backups, and phishing training are the controls that move the most risk per dollar.
It's built to fit a nonprofit budget: managed coverage starts at $15 per device per month with no minimum, so the cost matches your actual size. The Protected and Complete tiers (identity protection, training, SIEM) are per seat for teams of five or more, and the Cyber Insurance Readiness Sprint is a fixed fee from $1,500 (three tiers up to $3,500).
The Cyber Insurance Readiness Sprint runs seven business days and produces the documentation grantmakers and carriers increasingly ask for. Managed monitoring can begin onboarding in the same week.
Start with the questionnaire
The free 2026 Cyber Insurance Readiness Questionnaire scores you against the controls carriers actually ask about. Then the Readiness Sprint turns your environment into the evidence they accept.