A Comprehensive Guide to Cybersecurity Grants for Nonprofits

Cyber Command on May 17, 2024

Introduction

Cybersecurity grants for nonprofits are essential for protecting sensitive information and maintaining donor trust. Nonprofits often face unique vulnerabilities that make them prime targets for cybercriminals. This guide will help you understand why these grants are crucial and how to get them.

Quick Answers:

  • Who can apply? Nonprofits at high risk of terrorist or extremist attacks.
  • Maximum award? Up to $150,000 per site, up to three sites.
  • Key Dates? Application opens April 24, 2024, and closes May 29, 2024.
  • No cost-share requirement.

Nonprofits hold crucial data that cybercriminals find attractive. These organizations often lack the resources to implement robust cybersecurity measures, leaving them exposed to data breaches and cyber-attacks.

With incidents of extremist attacks on the rise, nonprofits need financial support to enhance their cybersecurity infrastructure. Programs like the Nonprofit Security Grant Program (NSGP) provide the necessary funding to safeguard these vulnerable entities.

Nonprofit Security Grant Overview - cybersecurity grants for nonprofits infographic pillar-4-steps

Understanding Cybersecurity Grants for Nonprofits

Nonprofits hold crucial data that cybercriminals find attractive. These organizations often lack the resources to implement robust cybersecurity measures, leaving them exposed to data breaches and cyber-attacks. With incidents of extremist attacks on the rise, nonprofits need financial support to enhance their cybersecurity infrastructure. Programs like the Nonprofit Security Grant Program (NSGP) provide the necessary funding to safeguard these vulnerable entities.

State and Local Cybersecurity Grant Program (SLCGP)

The State and Local Cybersecurity Grant Program (SLCGP) is a key initiative aimed at bolstering the cybersecurity posture of state, local, and territorial governments. Funded by the Infrastructure Investment and Jobs Act, this program is administered by the Cybersecurity and Infrastructure Security Agency (CISA).

Funding and Allocation:
– The SLCGP has a massive allocation of $374.9 million.
– This funding is intended to help governments develop and implement comprehensive cybersecurity plans.

Eligibility:
– State, local, tribal, and territorial governments are eligible to apply.
– Nonprofits can benefit indirectly by partnering with these entities to enhance community-wide cybersecurity efforts.

Application Process:
1. Find Your State Administrative Agency (SAA): The SAA acts as the primary applicant and sets the internal deadlines.
2. Submit Through Grants.gov: Applications must be submitted through the Grants.gov portal.
3. Develop a Cybersecurity Plan: A detailed cybersecurity plan must outline the strategies and measures to be implemented.

7 technology shifts for 2024

Nonprofit Security Grant Program (NSGP)

The NSGP specifically targets nonprofit organizations that are at high risk of terrorist attacks. Administered by the Federal Emergency Management Agency (FEMA), this program provides funding for both physical and cybersecurity enhancements.

Funding and Allocation:
– The FY23 allocation for the NSGP was $305,000,000.
– Nonprofits can request up to $150,000 per site, with a maximum of three sites per funding stream (NSGP-S and NSGP-UA).

Eligibility:
– Nonprofits that are at high risk of terrorist attacks.
– Each location must have an individual application, and no combination of site applications can exceed $450,000 per funding stream.

Application Process:
1. Verify Eligibility: Review the Notice of Funding Opportunity to ensure your organization qualifies.
2. Contact Your SAA: Establish contact with the SAA to understand specific deadlines and requirements.
3. Submit an Investment Justification: This is a crucial part of the application where you describe the risks/threats your organization faces and propose projects to mitigate these risks.
4. Use FEMA Templates: Utilize the templates provided by FEMA to ensure all required information is included.

Allowable Costs:
Planning: Development of security plans and procedures.
Equipment: Facility hardening and cybersecurity enhancements, as listed in the DHS Authorized Equipment List.
Training & Exercises: Security training and drills.
Contracted Security Personnel: Hiring security staff.
Management and Administration (M&A) Fees: Costs related to managing the grant, capped at 5% of the total award.

Understanding these cybersecurity grants for nonprofits is essential for securing the necessary funds to protect sensitive data and enhance overall security measures. By leveraging programs like the SLCGP and NSGP, nonprofits can significantly improve their resilience against cyber threats and physical attacks.

How to Apply for Cybersecurity Grants

Finding Your State Administrative Agency (SAA)

To apply for cybersecurity grants, start by finding your State Administrative Agency (SAA). The SAA is your primary contact and will guide you through the application process. Each state has its own SAA, responsible for setting the application deadlines and ensuring that all requirements are met.

You can find your SAA’s contact information on the FEMA website. Reach out to them to get details about the specific deadlines and any state-specific requirements.

Investment Justification for Nonprofit Security Grant Program

When applying for the Nonprofit Security Grant Program (NSGP), one of the key components is the Investment Justification (IJ). This document is a template provided by FEMA and is crucial for your application. Here’s how to complete it effectively:

  1. Grants.gov: Start by registering your organization on Grants.gov. This is the portal where you will submit your application. Make sure your organization has a Unique Entity ID (SAM), replacing the old DUNS number.

  2. Cybersecurity Plan: Develop a comprehensive cybersecurity plan. This plan should detail the current security posture of your organization, identify vulnerabilities, and outline the measures you plan to implement to address these risks.

  3. Cybersecurity Planning Committee: Form a committee within your organization to oversee the cybersecurity initiatives. This committee should include members from various departments to ensure a well-rounded approach to security.

  4. Contact Information: Clearly list the contact information of your organization and the primary point of contact for the grant application. This ensures that the SAA and FEMA can easily reach you for any clarifications.

  5. Application Deadline: Be aware of the specific deadlines set by your SAA. These deadlines are usually earlier than the FEMA deadline, so plan accordingly to avoid any last-minute rush.

  6. Requirements: Ensure you meet all the requirements outlined by FEMA and your SAA. This includes completing all necessary forms, providing supporting documents, and adhering to any state-specific guidelines.

  7. FEMA Template: Use the FEMA-provided IJ template to describe your proposed projects. This template will guide you in detailing the risks and threats your organization faces, and how the grant funds will be used to mitigate these risks.

  8. Risks/Threats Description: Clearly describe the specific risks and threats your organization faces. This could include potential terrorist attacks, cyber threats, or other vulnerabilities. Use data and statistics to back up your claims.

  9. Proposed Projects: Outline the projects you plan to undertake with the grant funds. This could include purchasing security equipment, hiring security personnel, conducting training and exercises, or implementing cybersecurity measures. Be specific about how each project will enhance your organization’s security.

By following these steps and ensuring all parts of your application are thorough and well-documented, you increase your chances of securing the necessary funds to enhance your organization’s security.

Next, we will discuss how to maximize your grant application to ensure you get the most out of the available funding.

Maximizing Your Grant Application

Allowable Costs and Priorities

When applying for cybersecurity grants for nonprofits, understand what costs are allowed and which priorities to focus on. This ensures that your application aligns with the funding guidelines and increases your chances of securing the grant. Here’s a breakdown of the key areas:

1. Planning

Effective planning is crucial for a robust cybersecurity strategy. Grant funds can be used for:

  • Developing emergency preparedness plans
  • Conducting risk assessments
  • Creating cybersecurity frameworks

Planning should outline how you will address potential threats and integrate your cybersecurity efforts with broader state and local preparedness activities.

2. Equipment

Eligible equipment costs focus on facility hardening and both physical and cybersecurity enhancements. Examples include:

  • Surveillance cameras (excluding facial recognition and license plate readers)
  • Access control systems
  • Cybersecurity tools like firewalls and anti-virus software

All equipment must be listed in the DHS Authorized Equipment List (AEL).

3. Construction and Renovation

Funds can be allocated for construction and renovation projects aimed at enhancing security. This includes:

  • Reinforcing entry points with stronger doors and windows
  • Installing barriers or fencing around the facility
  • Upgrading lighting systems for better visibility

Such improvements help protect against unauthorized access and potential attacks.

4. Training

Training is a critical component of cybersecurity readiness. Grants can cover:

  • Security awareness training for staff
  • Specialized training for IT personnel on cybersecurity best practices
  • Drills and exercises to prepare for potential security incidents

Training ensures that everyone in your organization knows how to respond to threats effectively.

5. Exercises

Conducting regular exercises helps test your security plans and identify areas for improvement. Funded exercises can include:

  • Simulated cyber-attacks to test your defenses
  • Emergency response drills
  • Coordination exercises with local law enforcement and emergency services

These exercises help ensure your organization is prepared for real-world scenarios.

6. Target Hardening

Target hardening involves making your facility more resistant to attacks through physical security measures. This can include:

  • Installing shatterproof glass
  • Reinforcing walls or adding protective barriers
  • Implementing advanced locking mechanisms

Such measures make it more difficult for attackers to cause harm.

7. Facility Security Enhancement Equipment

This category covers various types of security equipment aimed at enhancing overall facility security. Examples include:

  • Intrusion detection systems
  • Panic buttons
  • Alarm systems

These tools help detect and respond to security incidents quickly.

8. Inspection and Screening Systems

Inspection and screening systems are vital for preventing unauthorized access. Grant funds can be used for:

  • Metal detectors
  • X-ray machines
  • Bag inspection systems

These systems help ensure that only authorized individuals and items enter your facility.

By focusing on these allowable costs and priorities, you can create a comprehensive and compelling grant application. This approach not only aligns with funding guidelines but also maximizes the impact of the grant on your organization’s security.

Next, we will address some frequently asked questions about cybersecurity grants to further assist you in the application process.

Frequently Asked Questions about Cybersecurity Grants

How do you fund cybersecurity?

Funding cybersecurity for nonprofits can be achieved through various grant programs. One of the primary sources is the State and Local Cybersecurity Grant Program (SLCGP), which is managed by the Cybersecurity and Infrastructure Security Agency (CISA). This program was established under the Infrastructure Investment and Jobs Act and has allocated $374.9 million to support cybersecurity efforts.

Another significant funding source is the Nonprofit Security Grant Program (NSGP), administered by FEMA. This program provides funding specifically for physical and cybersecurity enhancements for nonprofits at high risk of terrorist or extremist attacks. In FY 2024, the NSGP has allocated $305,000,000.

How to apply for state and local cybersecurity grant program?

To apply for the State and Local Cybersecurity Grant Program, follow these steps:

  1. Verify Eligibility: Ensure your organization is eligible to apply. Typically, this includes state, local, tribal, and territorial governments.

  2. Register on Grants.gov: Create an account on Grants.gov if you haven’t already. This platform is where you’ll find the grant application and submit your proposal.

  3. Prepare a Cybersecurity Plan: Develop a comprehensive cybersecurity plan that outlines your organization’s current security posture, identified risks, and proposed enhancements. This plan should align with the goals of the SLCGP.

  4. Submit Your Application: Complete and submit your application through Grants.gov before the specified deadline. Make sure to follow all guidelines and requirements outlined in the Notice of Funding Opportunity (NOFO).

What is the investment justification for the nonprofit security grant program?

The investment justification is a critical component of your application for the Nonprofit Security Grant Program (NSGP). It helps FEMA understand your organization’s specific security needs and how the requested funds will address them. Here’s how to prepare it:

  1. FEMA Template: Use the FEMA-provided template for the investment justification. This ensures you include all required information and formats your proposal correctly.

  2. Describe Risks and Threats: Clearly articulate the risks and threats your organization faces. This could include past incidents, local crime statistics, or specific threats to your community.

  3. Proposed Projects: Detail the security enhancements you plan to implement with the grant funds. This might include installing security cameras, hiring security personnel, or conducting cybersecurity training.

By thoroughly addressing these elements, you can create a strong investment justification that demonstrates the necessity and impact of the requested funding.

Next, we’ll wrap up our guide with some concluding thoughts on the importance of cybersecurity for nonprofits and how Cyber Command can support your efforts.

Conclusion

In today’s digital landscape, cybersecurity is not just an IT concern—it’s a fundamental aspect of maintaining trust and operational integrity for nonprofits. With sensitive data about donors, beneficiaries, and operations, nonprofits are prime targets for cybercriminals. A single breach can have devastating consequences, from financial losses to irreparable damage to your organization’s reputation.

The importance of cybersecurity grants for nonprofits cannot be overstated. These grants provide essential funding to help nonprofits enhance their security posture, ensuring they can continue their missions without the looming worry of cyber threats. Programs like the Nonprofit Security Grant Program (NSGP) offer vital resources for both physical and cybersecurity enhancements, helping to safeguard your organization against a wide range of threats.

At Cyber Command, we understand the unique challenges nonprofits face in securing their digital and physical assets. Our commitment to your security is unwavering because we believe in the power of your mission. Whether it’s helping you navigate the complexities of grant applications or implementing robust cybersecurity measures, we are here to support you every step of the way.

Ready to secure your nonprofit’s future? Discover how we can help. Together, we can achieve more than just security; we can ensure your nonprofit continues to make a significant impact, free from the constraints of cyber vulnerabilities.

Nonprofit Security - cybersecurity grants for nonprofits

By prioritizing cybersecurity and leveraging available grants, your nonprofit can build a safer, more resilient future. Let’s work together to protect what matters most so that you can focus on making a difference in the world.