Why Are Religious Organizations Under Cyber Attack?

Part 1: Religious Organizations Are Under Cyber Attack

Did You Know

  • Worldwide spending on cyber security is forecast to reach $133.7 billion in 2022.
  • Data breaches exposed 4.1 billion records in the first half of 2019.
  • 71% of breaches were financially motivated and 25% were motivated by espionage.
  • Enterprise ransomware infections are up by 12%.
  • 52% of breaches featured hacking, 28% involved malware and 32–33% included phishing or social engineering.
  • The top malicious phishing email attachment types are .doc .dot and .exe.


Many religious organizations assume they have some immunity from most cyber attacks. This assumption is based on the belief that they are local and do not produce goods, services or possess valuable data. This is not accurate because:

  • Most cyber attacks are random and simultaneously attack many types of organizations of all sizes and missions.
  • Even if no theft occurs, cyber attacks have future implications. For example, a virus could go undetected for 6 months.  
  • Cyber criminals are interested in all forms of personal data that religious organizations collect and manage.
  • Cyber criminals target organizational diversity among employees, visitors, volunteers, donors and members.
  • Many religious organizations mistakenly believe their service providers are legally liable for all cyber attacks. However, they are still legally considered the data controller.    

Multiple Texas churches fell victim to a malware attack that drained millions of dollars from their bank accounts. A church in Ohio lost over a million dollars to phishing scams. Multiple churches in the United States and United Kingdom had their files encrypted by ransomware.

Religious leaders and executives should accept their organizations are at risk and adopt similar practices, tools and services drawn from the financial sector.

Financial and Religious Organizations both:

  • Employ people who access and use devices, email, financial management systems, online forms and networks to collect and manage data.
  • Are small and neighborhood-based or large and global-based.
  • Suffer financial loss, damage to their reputations and reduced trust levels if a cyber attack is successful. Typically, cyber attacks impact the lives of each person who has opened an account, made a contribution or otherwise shared personal data with a particular bank or church.
  • Purchase risk insurance and credit monitoring services to offset recovery costs and reduce identity theft.
  • Separate data and financial duties for internal control purposes to reduce employee fraud.

Stay tuned for my second post, Adopt These Malware, Phishing and Ransomware Cyber Security Best Practices:

What Do You Think?

Author Disclosure

I am the author of this article and it expresses my own opinions. I have no vested interest in any of the products, firms or institutions mentioned in this post. Nor does the Analyst Syndicate. This is not a sponsored post.


The views and opinions in this analysis are my own and do not represent positions or opinions of The Analyst Syndicate. Read more on the Disclosure Policy.