Level of Cybersecurity Readiness of Small and Medium Nonprofit Organizations (NPOs) During COVID-19

Abstract

Considering the unprecedented COVID-19 pandemic crisis, many NPOs, like other types of institutions, have migrated their operations to remote, virtual platforms to maintain at least a minimum level of activity. Consequently, the NPOs are experiencing increased online activity during COVID-19. This study assesses NPOs’ readiness during COVID-19 through the lens of three components of the ISO 22301:2019 - Business Continuity Management Systems (BCMS) – labeled as 3Ps: Policy, People, and Processes. A snowball sampling study was conducted to examine information security readiness in small and medium-sized NPOs during the Covid-19 pandemic in D.C., Maryland, and Virginia (DMV) area. Each item in the three aspects of readiness was measured at high, moderate, or low. The findings of the study demonstrate that the NPOs should emphasize developing and implementing cybersecurity policies during crises to increase awareness and preparedness. The empirical results of this study further shed light on the aspects and factors of cybersecurity readiness that are often less prioritized by NPOs' senior management but should be taken into more consideration when creating cybersecurity policies and procedures.