PwC to equip NFPs with crucial cyber security knowledge, awareness

PwC has pledged to help bolster the cyber security awareness training of not-for-profits (NFPs) to help them arm themselves against potential cyber attacks.

The firm revealed it had joined forces for the fifth time with technology social enterprise, Infoxchange, to run interactive programs that simulate a cyber attack scenario as part of a wider digital uplift program to enhance NFP’s cyber defences and awareness.

The initiative has kicked off following recent results from the Infoxchange 2024 Digital Technology in the NFP sector report which found only one in five NFPs regularly conducted cyber security awareness training, more than 9,500 NFPs accessed critical support resources in 2024, and learning program participants reported a 26 per cent digital skills uplift.

The report also found that many NFPs still lacked the necessary protections, with improving data and cyber security practices being among the top three sector priorities.

Sixty-one per cent of NFPs also reported budget and funding as the highest overall technology challenges, which was mirrored in PwC finding a 59 per cent increase in ransomware events across the NFP sector just this year.

PwC and Infoxchange said as the program is now in its fifth year, it will continue to protect sensitive data and build critical digital resilience in the charitable sector each year – an urgent need.

Chris Davis, PwC Australia cyber security and privacy partner, said in this era of rapid AI transformation, NFPs were facing unique challenges and therefore needed the critical support to adapt and protect their organisations.

“With cyber criminals now using AI to create more sophisticated attacks, our collaboration with Infoxchange ensures Australia’s charitable sector has the knowledge and tools to defend the sensitive community data they’re entrusted to protect,” he said.

“We know cyber crime in Australia is increasing and AI cyber attacks have largely focused on enabling quicker development of phishing emails and websites.

“A key focus of the program is to advance the use of ethical and inclusive technologies and help NFPs with continuous digital upskilling. This is part of our focus on responsible technology and provides NFPs with the resources they need to ward against increasingly sophisticated threat actors.”

The simulated cyber attack would involve an “immersive cyber experience” and would place NFPs on both the attacker and defender side of a mock cyber breach.

Davis said this aimed to help them improve their cyber awareness and preparedness skills, which coincided with heightened regulator obligations and expectations.

According to Infoxchange CEO, David Spriggs, the tools and knowledge NFPs would gain from the program would transform operations across the sector.

“This program provides NFPs with the expert knowledge and practical tools they desperately need – not just to defend against cyber crime, but to embrace digital transformation responsibly so they can focus on helping the communities they serve to thrive,” Spriggs said.

Those enrolled in the program would also be coached by PwC’s cyber security experts through different types of threat actors and their preferred methodologies to better prevent, detect and respond to an attack.

PwC said this would “better help NFPs understand how cyber threats unfold and what decisions mattered during a breach”.