NPO Cybersecurity SLR
Enhancing Cybersecurity Readiness in Non-Profit Organizations Through Collaborative Research and Innovation: A Systematic Literature Review
Abstract
Non-profit organizations (NPOs) are crucial for building equitable and thriving communities, yet most are small, community-based organizations that lack the resources to manage cybersecurity effectively, and the recent surge in cyberattacks on NPOs underscores the urgent need for investment in cybersecurity readiness. Adhering to PRISMA 2020 guidelines, this systematic literature review examined 4,650 initial records, screening to 23 included studies plus 37 identified through citation analysis. The review leverages existing work on cyber threat assessment and mitigation to build a mapping framework and data collection plan addressing the significant vulnerabilities NPOs face, and offers actionable guidance NPOs can implement within their resource constraints to enhance their cybersecurity posture.
Security readiness on a non-profit budget
Non-profits hold sensitive donor, client, and community data, but most are small organizations without the budget, staff, or expertise to manage cybersecurity, and what is known about them lives mostly in practitioner sources rather than the academic literature. Meanwhile, attacks on the sector are surging, and every breach erodes exactly the thing NPOs run on: the trust of donors and volunteers.
Method
The review follows PRISMA 2020 guidelines. An initial pool of 4,650 records (examined March 2025) was screened against the research questions, excluding studies that did not address cybersecurity readiness in NPOs. Included studies were quality-assessed on methodology, clarity, completeness, and transparency, yielding 23 included studies, with 37 more added through forward and backward citation analysis. Results were synthesized through quantitative topic analysis and qualitative review.
Contribution
The review leverages the existing literature on cyber threat assessment and mitigation to build a mapping framework and data collection plan for the vulnerabilities NPOs actually face, and distills it into actionable guidance that fits non-profit resource constraints, rather than enterprise-grade prescriptions small organizations cannot implement. It also maps where the academic literature is thin, motivating collaborative research and innovation between universities and the non-profit sector as the lever for closing the readiness gap.
@article{roshanaei2025cybersecurity,
title = {Enhancing Cybersecurity Readiness in Non-Profit Organizations Through Collaborative Research and Innovation---A Systematic Literature Review},
author = {Roshanaei, Maryam and Krishnamurthy, Premkumar and Sinha, Anivesh and Gokhale, Vikrant and Raza, Faizan Muhammad and Ramljak, Du{\v s}an},
journal = {Computers},
volume = {14},
number = {12},
pages = {539},
year = {2025},
publisher = {MDPI},
doi = {10.3390/computers14120539}
}