In an increasingly digital world, no organization is immune to cyber threats—including churches. While most people don’t associate places of worship with cybersecurity risks, the reality is that churches and religious organizations have become prime targets for cybercriminals. From ransomware to phishing, attackers are exploiting weaknesses in faith-based institutions that often operate with limited IT resources.
Churches may not have million-dollar bank accounts, but they possess something just as valuable: data and trust. Here’s why they’re attractive to cybercriminals:
Sensitive Information: Churches store detailed records about their congregants—names, addresses, phone numbers, donations, even counseling notes.
Online Donations: With the rise of digital tithing and giving platforms, churches process financial transactions that can be intercepted or manipulated.
Low Cybersecurity Readiness: Many churches rely on volunteer-run IT systems or outdated technology, making them easier targets.
Public Leadership: Pastors and staff are publicly known, making it easier for criminals to impersonate them in email or text scams.
Fast Payment Pressure: Ransomware attackers know that churches may pay quickly to restore critical systems, especially around holidays or major events.
Here are just a few recent examples that illustrate how real—and growing—this threat is:
The global Christian inter-church organization was hit by a ransomware attack from the Rhysida group, which demanded nearly $280,000 in Bitcoin and threatened to leak data.
RansomHub, a known ransomware gang, targeted this prominent Washington, D.C. church, disrupting operations and possibly compromising personal data.
Scammers created a fake Gmail account impersonating the church’s pastor and reached out to members for “urgent help”—a classic Business Email Compromise (BEC) tactic.
As part of a politically motivated campaign, hacktivists leaked sensitive data from River Valley Church, showing that ideological motivations are also in play.
Ransomware disrupted this church-affiliated school’s servers during Easter, impacting access to administrative systems and school operations.
Cybersecurity doesn’t have to be complex. Here are basic, high-impact steps churches can take:
Enable Multi-Factor Authentication (MFA) for email and admin accounts.
Back up critical data regularly and store copies offline.
Update software and plugins (especially for websites and giving platforms).
Educate staff and volunteers on common cyber threats like phishing.
Use a secure email domain—avoid generic Gmail/Yahoo addresses for official communications.
Partner with a cybersecurity provider that understands the unique needs of faith-based organizations.
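The pastor-impersonation scam described above works because the display name looks right while the address sits on a free mail service. Once official mail comes only from the church's own domain, that mismatch can be checked mechanically. The sketch below is an added example, not code from Bawn or any of the incidents; the domain, staff names, and sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumed values for illustration: replace with the church's real domain and roster.
ORG_DOMAIN = "gracechurch.example"
STAFF_NAMES = {"john miller", "sarah lee"}
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com"}
TITLES = {"pastor", "rev", "reverend", "dr", "fr", "father"}


def normalize(display_name):
    """Lower-case, drop punctuation and clergy titles: 'Pastor John Miller' -> 'john miller'."""
    words = re.sub(r"[^a-z\s]", " ", display_name.lower()).split()
    return " ".join(w for w in words if w not in TITLES)


def classify_sender(from_header):
    """Classify a From header by comparing display name against the sending domain.

    'ok' only means the header domain matches ORG_DOMAIN; it does not prove the
    message passed SPF/DKIM/DMARC, which the mail provider must enforce.
    """
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == ORG_DOMAIN:
        return "ok"
    if normalize(display) in STAFF_NAMES:
        # A staff name on a non-church address is the BEC pattern from the article.
        return "impersonation-freemail" if domain in FREEMAIL else "impersonation-external"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real incident.
    samples = [
        '"Pastor John Miller" <pastorjohn.miller77@gmail.com>',
        "Sarah Lee <sarah.lee@gracechurch.example>",
        "Rev. John Miller <office@gracechurch-mail.example>",
        "Giving Platform <receipts@vendor.example>",
    ]
    for header in samples:
        print(f"{classify_sender(header):24} {header}")
```

A check like this belongs in a mail-filtering rule or a periodic review of reported messages; it complements, and does not replace, staff training on verifying urgent requests through a second channel.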
At Bawn, we specialize in helping small and midsize organizations—including churches—protect what matters most. Our team includes former FBI cyber agents who understand how attackers think and how to defend against them.
We offer approachable, affordable cybersecurity solutions tailored for faith-based communities. Whether you need help training your staff, securing your donation platform, or building a simple protection plan, we’re here to help.