Stories about data breaches at large organizations are constantly in the news. In 2017 alone, 2.5 billion data records were compromised in publicly disclosed breaches globally. It’s no surprise, then, that the ASAE Foundation research brief Association Data Breach Preparedness, part of the foundation’s body of research on technology, reports that CEOs and CIOs are concerned about cyberattacks—and most leaders expect them. To ensure they can respond quickly and effectively to mitigate the damage from attacks, leaders are focusing on preparedness and training.

According to the ASAE ForesightWorks “Fraying Cybersecurity” action brief, emerging challenges include cyberattacks by governments, increasingly sophisticated data theft, and risks related to newer technologies like wearable devices. Associations can provide guidance and advocacy for their members in responding to these challenges, but leaders will find it increasingly important to keep up with changing technologies and developing threats themselves.

Focus group findings from the Association Data Breach Preparedness brief indicate that breaches often served as the impetus to address cybersecurity concerns, but there’s no reason to wait for an attack to take action. Data security and attack response plans can and should be developed in advance. Proactive association leaders can take the following additional steps to promote cybersecurity within their organizations and in the communities they represent.

Provide training. All of the associations represented in Association Data Breach Preparedness offered training for staff members. Many turned to IT consultants for effective training materials, such as online modules. Human error is a factor in many breaches, so training programs can help staff understand risks and identify possible threats.

Promote knowledge. Associations can support their field by promoting an informed approach to cybersecurity to their members and by supplying the appropriate tools to members who need them. The “Fraying Cybersecurity” action brief points out that members, particularly at smaller organizations, may not have the capacity to research cybersecurity needs or take protective steps. Associations can offer technical expertise as a member service and keep members informed with ongoing alerts or webinars.

Influence the regulatory environment. The ASAE ForesightWorks action brief “Ethical Edge of Innovation” describes how new technologies will continue to outpace rules and regulations for their use. Associations have an opportunity to influence the development of regulations on technology-related issues. Leaders can identify the technology needs and vulnerabilities of their members and seek a place at the table as new regulations are drafted. They can also develop guidance for the use of emerging technologies, which can help to position associations and the industries they represent as early adaptors of ethical and effective practices.