Giving Compass' Take:
- Jean Westrick explores how foundation leaders can benefit from reframing and expanding their understanding of digital risk and cybersecurity.
- What are the benefits of updating philanthropy's understanding of digital risk as also including reputational damage and erosion of trust in the work being done?
- Search for a nonprofit focused on digital risk.
- Access more nonprofit data, advanced filters, and comparison tools when you upgrade to Giving Compass Pro.
What is Giving Compass?
We connect donors to learning resources and ways to support community-led solutions. Learn more about us.
Ask most foundation leaders what “cybersecurity” means, and they’ll describe firewalls, phishing simulations, and password policies. They’re not wrong, but what they describe is a much smaller problem than the one we face, demonstrating the need to update our understandings of digital risk.
Technology, however, is no longer just tools organizations use, it is embedded throughout the environment we operate in.
The way foundations communicate with grantees, the way nonprofits mobilize communities, the way staff coordinates work, the way donors decide where to give: all of it flows through digital systems that are contested, surveilled, and increasingly weaponized, underscoring the importance of redefining digital risk. The scope of digital risk is increasingly broad and fraught with financial, reputational, and even physical risks.
By focusing just on cybersecurity, the philanthropic sector is operating with a dangerously narrow definition of digital risk. As technology reshapes how we communicate, fund, and organize, foundations and nonprofits need to retire the old mental model of cybersecurity as a technical IT problem and replace it with something more expansive: a comprehensive approach to managing complex, interconnected risks.
The philanthropic sector needs a new frame. “Digital risk” is a broader, more honest account of what it means to protect your organization, your people, and your mission in the world as it actually exists.
What Digital Risk Actually Looks Like
At our 2025 Technology Association of Grantmakers Global Conference in Atlanta, Sasha Cohen O’Connell, senior director of Cybersecurity Programs at Aspen Digital, told the audience regarding digital risk that “Philanthropy is amongst the most targeted groups” by bad actors. But the threats targeting the sector don’t fit neatly into the IT department’s purview.
Disinformation campaigns can misrepresent a foundation’s funding decisions or poison a public advocacy effort before it launches, exemplifying digital risk. Doxing, the deliberate exposure of private personal information, has become used against organizational leaders, activists, and grantees, particularly those working on politically contested issues. “Staff can be targeted and conspiracy theories leveraged,” O’Connell said. A manipulated video, a coordinated harassment campaign, a spreadsheet of staff personal data posted to a public forum: these are digital threats with profound, real-world consequences, and none of them show up on a standard cybersecurity checklist.
Read the full article about redefining digital risk by Jean Westrick at The Center for Effective Philanthropy.