Technological advancements are giving ministries unprecedented capabilities. They are also leading to increased cybersecurity risks, threatening operations, finances, and reputations of ministries. In fact, “cyber threats jumped to the top of the list when leaders assessed both near- and long-term outlooks…”1 In the course of the next decade, AI, cloud, and the development of quantum computing will change the cyber threat landscape.
At Adventist Risk Management, Inc. (ARM), we want to connect you the latest information and tools to prevent and manage these threats. Here are the top trends relevant to ministries and why leadership is critical to cultivating a culture of security.
AI Driven Threats
Artificial intelligence is transforming many organizations, automating what once required human labor. Cybercriminals are utilizing AI to wage sophisticated attacks on organizations. Through automation, hackers can more easily bypass security.2 In a recent study, researchers found that AI makes it easier for bad actors to take advantage of users. In fact, researchers found that large language models can achieve what marketing departments can only dream: a 54% click-through rate.3 This increases the efficiency and effectiveness of these attacks, underscoring the importance of multifactor authentication and training to identify threats. This way, ministries can be prepared to identify, prevent, and manage cyberattacks.Advanced Phishing and Social Engineering
Phishing continues to be the primary tool cybercriminals use to access sensitive information. The National Institute of Standards and Technology defines phishing as the attempt “to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.”4 Email is a vulnerability in the security infrastructure of Adventist organizations and the need to train ministry leaders and staff on the risks of phishing are important now as ever.5With the sophistication of deepfake technology and social engineering, bad actors employ new tactics to deceive people in ways that require increased training initiatives.6 It is becoming necessary to adopt “never trust, always verify” principles in information access.7 Phishing can also expose organizations to ransom attacks where more advanced techniques like double extortion are used. This means that bad actors “encrypt data but also threaten to release sensitive information unless a ransom is paid.”8 Comprehensive training programs and multi-factor authentication are critical to reduce the success of attacks.
Supply Chain Risks
Supply chain risks have increased and are expected to continue to rise.9 According to The Cybersecurity and Infrastructure Security Agency, a software supply chain attack “occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers.”10 In this way, data is compromised, presenting serious threats to Adventist organizations. Tony Vargas, ARM's Vice President and Chief Information Officer/CISO, explains that, in other words, “bad actors infiltrate your system(s) through an outside provider of software or services that you use, such as security tools, management tools, or even antivirus software.”11Vargas emphasizes conducting risk assessments on all vendors, adding “once you understand what steps they take to secure their systems and processes, you’ll be better equipped to know whether you should continue using them.” He also encourages limiting outbound network traffic as much as possible.
Why Leadership Matters
In 2025, ARM wants to prioritize a culture of risk management and safety. We define a culture of safety as the beliefs and practices that form a safe community. It is increasingly urgent to protect and minimize the threats cyberattacks present for the operations, finances, and reputations of ministries. Hay agrees, emphasizing his decades of experience shows that “cybersecurity is not just a technical issue—it’s a leadership challenge.”12We want to ensure that frontline ministry leaders have everything they need to stay informed and responsive. This begins with training and solid response plans. Cybersecurity should be a priority for all risk management plans. In this way, regardless of the challenges, ministries can demonstrate resilience.
