{"id":207394,"date":"2026-04-30T08:53:00","date_gmt":"2026-04-30T12:53:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/30\/5-key-cybersecurity-and-ai-risk-considerations\/"},"modified":"2026-04-30T09:05:10","modified_gmt":"2026-04-30T13:05:10","slug":"5-key-cybersecurity-and-ai-risk-considerations","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/30\/5-key-cybersecurity-and-ai-risk-considerations\/","title":{"rendered":"5 Key Cybersecurity And AI Risk considerations"},"content":{"rendered":"

5 Key Cybersecurity And AI Risk considerations<\/a><\/p>\n

https:\/\/thenonprofittimes.com\/npt_articles\/5-key-cybersecurity-and-ai-risk-considerations\/<\/a><\/p>\n

Publish Date: 2026-04-30 08:53:00<\/a><\/p>\n

Source Domain: thenonprofittimes.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points.
\n\t\t\t\t\t(image from pexels.com)
\nBy Scott Beale, CC
\nArtificial intelligence (AI) has gone from nowhere to everywhere in just about three years. If you are like most nonprofit leaders, you are already using AI, but you still have questions about the cybersecurity considerations and risks for your organization.
\nToday, 92% of nonprofits have adopted AI-enabled tools, as noted in \u201cThe 2026 Nonprofit AI Adoption Report,\u201d(https:\/\/bit.ly\/4rf232J) but in the same report nearly half (47%) indicate having no AI governance policy.
\nAI adoption is a great way to engage younger staff and to bring in volunteers and board members with different perspectives. It is likewise critical that nonprofit leaders get up to speed on both the benefits and risks, as well as on how generative AI and AI agents are changing the game. Don\u2019t make the mistake of missing out on the efficiencies these tools can deliver. And, don\u2019t make the mistake of ignoring the risks they introduce.
\nThis is where leadership matters. AI strategy is not about technical skills or calculations. It is a leadership decision that shapes how your organization balances productivity, risk and mission impact. The question for nonprofit leaders is not simply whether to adopt AI, but how to do so responsibly while strengthening the people and communities your organization serves. Will you use fear, tight budgets or ignorance to paralyze you and your organization from making critical AI planning and security decisions, or will you embrace AI, mitigate the risks and optimize AI in a way that is consistent with your mission?
\nMany nonprofit leaders have wrestled with these same questions. Whether your organization is adopting generative AI, a traditional machine learning model, a chatbot or any other type of AI, five key considerations should guide your AI strategy and decision-making as a nonprofit leader.<\/p>\n

Set Up Clear, Objective, Responsible Guardrails And Governance<\/p>\n

It is compelling to rush full speed ahead into adopting AI tools for efficiency and productivity. But adopting AI tools should be an organizational strategy set forth by you and other executive leaders, as well as your board. These are common questions to ask before diving in. It\u2019s perfectly acceptable as a leader to enlist outside advisors if these questions are new to you and your team:\u00a0<\/p>\n

What specifically do you intend to accomplish by introducing AI into your operation? Do those objectives align with your mission, culture, stakeholders and more?
\nWho is driving AI adoption? IT? Is it decentralized department-by-department? And are security and privacy considered from the start?\u00a0
\nWhat organizational and external donor, staff, member and\/or stakeholder data would be involved?\u00a0
\nCan your data strategy assure that your organization can comply with data privacy regulations?\u00a0
\nHow do you assess and categorize AI use cases based on risk?
\nWhat is the process for monitoring safe and secure deployment and use?\u00a0
\nHow will you train employees on responsible and secure AI use?<\/p>\n

As a nonprofit leader, you can strategically moderate AI adoption to answer these questions thoroughly. Again, this first step is a critical one for changing the perspective and mindset of your organization regarding the value of AI. It is worth the time and energy upfront to map out:<\/p>\n

AI governance: Roles, responsibilities and accountability owners, risk management processes, data security strategy, employee compliance and more.
\nAI strategy: Your organization\u2019s specific use cases (e.g., donation predictions, volunteer communications, market and trend analysis, data security), intended outcomes, deployment processes, timeline and measures of success.
\nAI expertise: Paths, plans and opportunities for becoming well-versed in AI strategy, risk and security as executive leaders, and even members of the Board.
\nAI adoption: The framing of adoption in terms of the mission and, in turn, enabling staff so they understand how AI makes them more efficient and empowers them to be better at the organization\u2019s mission, rather than just using a task-oriented tool.<\/p>\n

Start With Lower-Risk Use Cases That Don\u2019t Involve Sensitive Data\u00a0<\/p>\n

Although it might be tempting to unleash AI tools across your organization, doing so only widens the potential attack surface. Great leadership is about looking at all facets of any strategy involving something new. It goes without saying that you don\u2019t want to race out of the AI gate with fundraising optimization or donor prediction tools that rely on your protected data to fine-tune them.
\nInstead, focus on lower-risk use cases to test out your organization\u2019s internal security guardrails, policies and governance. These applications might include writing marketing emails at scale, drafting basic operational processes, streamlining project management or brainstorming creative ways to boost member engagement.
\nThere are security and data privacy protocols, of course, with any use case. It is guaranteed that any AI that\u2019s free is using the data inputs to train its underlying model, making your data available outside your organization. That openness is simply too risky when it includes sensitive data. Therefore, it is worth budgeting for your organization\u2019s own, locked-down generative AI tool to ensure your data stays within the secured parameters of your organization.\u00a0
\nTo add another layer of data security, make sure every employee is continually well-trained on which data is okay to use with these tools and, by contrast, which information should never be used under any circumstances. Keep in mind that the basic tenets of your security practice do not change with AI: How you secure your data; Who has access to it; What is acceptable use? All of that remains the same.<\/p>\n

Scrutinize The Data Supply Chain When Testing Third-Party Software Vendors\u00a0<\/p>\n

Weighing cybersecurity and risk of AI within your organization is one thing; considering your third-party software suppliers is another. Does your donor management platform come with an embedded AI tool? What about your other donor engagement tools? If so, what are you doing to assess the security of your third-party software supply chain?\u00a0
\nThomas Lee, Ph.D., CEO of VivoSecurity, who specializes in third-party risk management, has noted (https:\/\/bit.ly\/4bx2918) that data breaches constitute a \u201cdata management problem.\u201d As a leader in the AI age, you must sharpen your organization\u2019s data strategy. Do you know where your data is going and who has access to it when you use AI-enabled tools?
\nAccording to Dr. Lee\u2019s research, third-party data breaches account for more than 50% of large data breaches. Third-party supply chain security and risk management are just as crucial as getting your in-house governance in order.
\nIt\u2019s no wonder, then, that 70% of respondents from organizations of all shapes, sizes and purposes said they are highly concerned about supply chain risk, according to the ISC2 Supply Chain Risk Survey. (https:\/\/bit.ly\/4sAO2Oa). Accordingly, vetting the security of your third-party software vendors is crucial. While the sway of boosting productivity and impact is appealing, mitigating third-party risk should drive your AI strategy. Whether using your in-house security expert or a managed security service provider, make sure they are involved upfront in your AI strategy and the software review process.
\nIn any case, encourage leaders to challenge their vendors on how their AI works, and find out whether it\u2019s optional to turn off their embedded AI. How transparent are they about how your data is used? Can you lock down only your instance\/tenant of their solution?<\/p>\n

Understand The Latest AI-Focused Cyber Threats<\/p>\n

AI is redefining cybercrime, enabling bad actors to scale the speed, impact and reach of cyberattacks. Both technical and human-based AI attacks are taking center stage, so it\u2019s imperative to understand how bad actors are using AI. The ISC2 Cybersecurity Workforce Study (https:\/\/bit.ly\/4mjNxpS), which included cybersecurity professionals from a wide range of industries and organization sizes, including the nonprofit sector, found that 40% of respondents experienced AI-optimized social engineering attacks, 25% reported data leakage, 23% saw suspected AI-powered cyberattacks and another 23% experienced\u00a0
\nAI-related data breaches. These types of attacks are also happening to your donors. Make sure they know how you will reach out to them so they don\u2019t fall victim to any scams using your name and likeness.<\/p>\n

Prioritize People Over Machines To Mitigate AI Risk<\/p>\n

Finally, a well-oiled AI strategy should prioritize people over productivity, empowering them to stay curious, connected and impactful. Even if you\u2019ve established the most secure and responsible AI strategy, the bottom line is this: You\u2019re still dealing with a machine. So, an underlying consideration for securing AI in nonprofits, and mitigating risk, is what and who you are protecting.
\nTo lead a purpose-driven organization, you must consider the technological and security impacts of AI on those you hope to inspire, including employees and the communities you serve. These are the intangible aspects of AI risk. Will AI enhance or degrade their efforts or experiences? Will AI take away from the authentic, human element that\u2019s so ingrained in elevating the mission of nonprofits? Will your organization\u2019s use of AI tools add to the potential climate impacts of AI? Will AI replace any employees? Will it eliminate the great nuances that characterize social-driven organizations? And so on.\u00a0
\nPurpose-Driven AI Adoption
\nAs AI drives a fundamental shift in how every organization operates and scales in the years ahead, this moment represents far more than adopting a new technology. The path forward is about channeling your leadership influence to slow down before hurtling full speed ahead with AI to scrutinize how to adopt AI responsibly and securely \u2014 and with minimal risk.\u00a0
\nThe value and impact of AI in nonprofits must be shaped not by machines themselves but by the leaders who build an AI strategy with intention, purpose and positive impact for the people, both employees and stakeholders, who can carry forward your organization\u2019s unique mission.
\n*****
\nScott Beale, CC, is chief executive officer of cybersecurity nonprofit ISC2 https:\/\/www.isc2.org<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

5 Key Cybersecurity And AI Risk considerations https:\/\/thenonprofittimes.com\/npt_articles\/5-key-cybersecurity-and-ai-risk-considerations\/ Publish Date: 2026-04-30 08:53:00 Source Domain: thenonprofittimes.com…<\/p>\n","protected":false},"author":1,"featured_media":207395,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/thenonprofittimes.com\/wp-content\/uploads\/2026\/04\/5-key.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,28],"class_list":["post-207394","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-data-security"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207394"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207394"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207394\/revisions"}],"predecessor-version":[{"id":207396,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207394\/revisions\/207396"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/207395"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207394"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207394"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}