Capability 01
Mission-priced.
Apply for the non-profit tier and we reply within three business days with a price we can both live with. No haggling. No surprise per-seat charges. We size the price to the org, not to the line item.
For Non-profits
A tabletop that respects your mission — and your budget.
Built for non-profits with a cyber-grant requirement, an insurance ask, or a board pushing for a tested IR plan. Mission-priced tier. Donor-data scenarios. The AAR your funder accepts.
The problem
Your funder wants proof. Your insurance carrier wants proof. Your IT volunteer can't write an AAR.
Cybersecurity grants and insurance underwriters have started asking non-profits the same questions they ask hospitals: do you have a tested IR plan, and where's the proof? But the going rate for a consultant-run tabletop is the same number a hospital pays — which is unworkable when your annual security spend is a fraction of that. Annual Tabletop's mission-priced tier is built for this. Apply, get a price, run the exercise, hand the AAR to your funder.
Why Annual Tabletop fits
Built for non-profits — not retrofitted from an enterprise SOC tool.
Capability 02
Donor-data and fundraising scenarios.
Our library includes scenarios built for non-profit threat models — donor-data leak, fundraising-platform breach, volunteer-credential compromise. Not enterprise SOC fan-fiction.
Capability 03
An AAR your funder will accept.
The AAR is HSEEP-conformant and carries the framework crosswalks most cybersecurity grants reference. Forward-able to your funder, your underwriter, and your board.
Scenarios for Non-profit
1 scenario tuned to your environment.
Framework crosswalks: Non-profit cyber-grant frameworks, mission-priced tier
- Data ExposureIntro
Donor PII Exposure — Non-Profit Cyber-Grant Reporting
A misconfigured S3 bucket exposes 11 years of donor records. Walk the response under non-profit cyber-grant reporting requirements and donor trust constraints.
- NIST CSF 2.0
Sample AAR
Sample non-profit AAR. Donor-data scenario, NIST CSF 2.0 crosswalk, decisions captured against the resources your org actually has.
The AAR is the artifact. It's what your funder actually reads. Every Annual Tabletop exercise produces one.
After-Action Report
Non-profits — Sample Exercise
Conducted via Annual Tabletop · 60 minutes · Non-profit cyber-grant frameworks, mission-priced tier
- Scenario
- Constrained-decision injects tuned to a Non-profit environment.
- Decisions captured
- Three time-boxed decisions, scored against your plan. Each maps to a framework control in the AAR.
- Framework crosswalk
- Non-profit cyber-grant frameworksmission-priced tier
Pricing
Mission-priced, not negotiated.
Tell us about your mission, your cyber-grant or insurance requirement, and the scenarios you need. We reply within three business days with a price.
FAQ
Non-profits — questions we get
How does mission pricing actually work?
You apply with your mission, your scenario need, and your funder requirement. We send back a price. We do not list a number publicly because the right number for a 10-person animal-rescue is not the right number for a 200-person regional housing org. We size to the org.What scenarios are most relevant for non-profits?
Donor-data leak, fundraising-platform breach, volunteer credential compromise, ransomware against case-management systems. We can also tune one to your specific threat model.Will the AAR satisfy our cybersecurity grant requirement?
In our experience, yes. Most cyber-grant programs ask for a tested IR plan with documented evidence — which is exactly what the AAR is. If your funder has a specific framework requirement, tell us when you apply and we'll confirm the crosswalk is in scope.Can our board attend?
Yes. We strongly recommend board IT-committee attendance for non-profit exercises. The AAR makes the case for the next year's security investment in language a board can act on.How long does this take?
60–90 minutes for the exercise itself. Application turnaround is three business days.