Trust Is the Real Asset: Cybersecurity Inside Foundations

cybersecurity inside foundations

Written by Matt Sharp

As a Senior Technology Consultant, I have decades of experience advising mission-driven organizations on technology strategy, governance, and the effective use of digital systems. In my free time I enjoy global culture including art, food, languages and jokes. You can read more about me here.

Philanthropy

March 12, 2026

After three decades in tech within private foundations, I’ve come to realize that cybersecurity in philanthropy is often misunderstood. It’s not just about technology; it’s about stewardship.

Foundations aren’t built like normal corporations. They don’t focus on scale or market dominance. Instead, they’re all about managing relationships, capital, and ideas. Even though they might be small, their influence can be huge.

Contents

The Importance of Trust

Now, let’s talk about trust. For foundations, trust is the real asset. When conversations about cybersecurity get bogged down in technical jargon — think patching cycles and multifactor authentication — it can feel distant from what really matters.

What’s at Stake?

  • Emails: They hold strategic conversations.
  • Grant Files: These contain sensitive discussions about community initiatives.
  • Board Materials: They reflect decisions that impact the public.

In a corporate setting, a cyber incident might mean financial loss. But for foundations, the bigger risk is often reputational. Imagine confidential discussions being exposed or falling victim to a ransomware attack. That can really shake confidence among grantees and partners.

The Digital Reality

Some foundations think they’re “too small” to be targeted by cyber threats. But this assumption is clearly outdated. Even modest-sized organizations can have significant digital footprints now. With cloud platforms and remote work, our exposure is bigger than ever.

Cybersecurity as Governance

So, what’s the bottom line? It’s no longer about whether foundations rely on technology; they absolutely do. The real question is: Is cybersecurity viewed as just another IT expense, or as a key governance responsibility?

From what I’ve seen, the foundations that manage digital risk well aren’t necessarily the ones with the biggest IT budgets. Instead, they understand that cybersecurity is about protecting the institution. This in turn ensures that the trust needed for philanthropic work remains intact.

What’s Next?

In upcoming posts, I’ll explore:

  • What makes foundation technology different from corporate IT.
  • How boards can handle cyber risk without needing to become tech experts.
  • Why new tools, like AI, require us to rethink information governance.

Conclusion

Remember, in philanthropy, protecting data isn’t about keeping secrets. It’s about creating the right conditions for meaningful work to happen.

 

 

For over forty-two years, CGNET has provided state-of-the-art IT services to organizations of all sizes, across the globe. We’ve done it all, from IT and cybersecurity assessments to cloud services management to generative AI user training. Want to learn more about who we are and how we might be able to help you? If so, check out our website or send us a message!

You May Also Like…

You May Also Like…

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe
Translate »
Share This
Subscribe