2025-08-04 –, Copa
Nonprofits, frequently overlooked and unprotected, are embedded in critical sector supply chains, creating cascading failures across critical services that threaten the communities that rely on them. This presentation will discuss nonprofits' growing cybersecurity challenges, highlight their needs for cybersecurity investment and policy support from more capable actors, share the creative workarounds nonprofits currently employ to secure their systems with limited resources, and outline how hackers and security researchers can get involved in the fight to protect them.
Nonprofit organizations provide critical, time-sensitive services to local communities, acting as essential–but often overlooked–extensions of our nation’s critical infrastructure. With over 1.8 million organizations, they bridge service gaps that government agencies alone cannot sustain and are among the most trusted lifelines for at-risk communities during times of crisis and upheaval.
For example, medical nonprofits like blood banks ensure hospital networks are well-supplied to continue delivering life-saving care. Faith-based institutions support emergency management agencies by mobilizing resources, coordinating relief efforts, and providing essential services during disasters.
This presentation will touch on the role of cyber volunteering in protecting nonprofits, the flawed model of shared responsibility for cybersecurity for nonprofits, highlight ways nonprofits employ creative workarounds to secure their systems with limited resources, and spotlight ways for hackers and security researchers to get involved to protect nonprofits.
The content for this presentation will combine research conducted by me and my team over the last year on several different projects related to this talk.
Grace Menna is a Public Interest Cybersecurity Fellow at the UC Berkeley Center for Long-Term Cybersecurity (CLTC). In this role, she leads public interest cybersecurity research and oversees the coordination of CLTC and the CyberPeace Institute's newest initiative, the Cyber Resilience Corps, mobilizing cyber volunteering efforts across the US to defend community organizations, including nonprofits, municipalities, rural hospitals and water districts, K-12 schools, and small businesses from cyber threats.
She is an active member of the security research community and helps organize the policy track of DC-based hacker conference, DistrictCon. Previously, Grace supported global cyber capacity-building initiatives at the Atlantic Council's Cyber Statecraft Initiative and, as a consultant, advised U.S. tech companies across policy, intelligence, trust & safety, and other security areas.