Insights
Training
On-demand
INSIGHTS
All Topics
My Account
Cyber security trends to watch out for in 2026
09 Feb 2026by Josie Sparling
We explore the cyber risks and opportunities for your charity in the year ahead, and how Qlic IT can help
Strong cyber security supports the positive impact of your charity by protecting sensitive data and making sure your services can continue operating as usual. It supports you to earn a strong reputation and trust among your stakeholders, as well as defending your hard-earned funds to keep making a difference in the future.
According to Qlic IT, the nonprofit sector ranks as the second most targeted industry for cyber attacks, with cybercriminals successfully targeting 32% of charities in the past 12 months. To find out how to improve your defences for the year ahead, this article explores the biggest charity cyber threats and opportunities in 2026.
Top cyber security threats in 2026
When it comes to cyber security, it’s important not to bury your head in the sand: knowing the threats means you can proactively defeat them.
And by providing unlimited support, helping you develop a budget-aligned security strategy, proactively managing your security, and responding quickly to incidents, Qlic IT can help you face the threats, making it simple to defend your charity.
So what are the risks charities need to watch out for today?
Phishing scams
Among the top projected threats for 2026 is cyber-enabled fraud. This includes activity like phishing, payment fraud, and identity theft, with phishing in particular reported by 83% of charities, according to Qlic IT.
Meanwhile, 37% of charities reported that others had impersonated their organisations in email or online. For example, charity leaders can be targeted in AI deepfake scams to mislead charity teams through phishing or run fraudulent campaigns.
According to the World Economic Forum, developments in generative AI are lowering the bar to executing sophisticated and seemingly credible phishing attacks, meaning that organisations of all kinds will have to strengthen their defences for the year ahead.
For teams who want to strengthen their ability to spot and respond to threats, Qlic IT helps by providing phishing awareness training and realistic simulation exercises, with the Proofpoint platform.
Malware
According to Qlic IT, 14% of charities have reported to be impacted by viruses and other malware. In particular, ransomware is an increasing threat. It’s a type of malware makes files inaccessible on a user’s computer or network and demands a ransom payment to allow access again. Victims can be threatened with permanent loss of data or exposure of stolen data if the ransom isn’t paid.
Trojan is another kind of malware to be wary of in 2026. It works by misleading users of their true intent, disguising themselves as legitimate software or a trusted link that is actually malicious. Once activated, cybercriminals can spy on users, stealing sensitive data and gaining backdoor access to their systems.
AI can help cybercriminals automate and adapt their malware in real time, learning how traditional security tools work and evolving to get around them.
AI cyber security threats
As we’ve seen above, AI is being used to strengthen existing threats such as cyber-enabled fraud and malware. But AI has also accelerated the pace, scale, and sophistication of cyber-attacks in other ways.
For example, charities should watch out for AI data poisoning. That’s where a cyber-criminal subtly alters the training data an organisation’s AI model relies on, which can change the AI’s behaviour, reduce accuracy, and create backdoors. This threatens charities’ ethics and operations by putting sensitive beneficiary information at risk and compromising the ability to make well-informed decisions using AI.
Another example is adversarial attacks. This is where attackers input malicious data into an AI system to deceive it and cause incorrect or unintended behaviour.
Cyber security opportunities in 2026
Despite what it may seem, charities are far from helpless when it comes to defending their cyber safety. In the year ahead, charities who prioritise cyber security can become confident in the strength of their defences, safeguarding their reputation and the continuity of their mission.
Having a team skilled in cyber security is your first line of defence against attacks. It looks like the charity sector could improve in this area in 2026, because, according to the ‘Charity Digital Skills Report’, 28% of charities said they were excellent at cyber security in 2025. That’s an improvement on the 22% who said so the previous year.
And with half of charities still only considering themselves only “fair” at cyber security skills, there is great potential for charities to keep strengthening their defences. Specifically, charity teams want their trustees and CEOs to better understand cyber security risks.
Luckily, starting small with skills training can make a big impact on the security of your work.
“You don’t need a six-figure security budget to keep your charity safe,” says Qlic IT. “The truth is that simple training can prevent major cyber incidents.”
“Charities put their energy into creating impact, and that impact deserves protection.”
More on this topic
Related Content
Recommended Products
06 Feb 2026by Kellie Smith
Dealing with conflict between a CEO and the board
05 Feb 2026by Charity Digital
How can charities spend impactfully?
Our Events
13 May 2026Online
Masterclass: An introduction to generative AI
Charity Digital Academy
Our courses aim, in just three hours, to enhance soft skills and hard skills, boost your knowledge of finance and artificial intelligence, and supercharge your digital capabilities. Check out some of the incredible options by clicking here.
© 2022 Charity Digital Trust. All rights reserved
