How Much Should Nonprofits and Associations Spend on Technology?

Quick Takeaways
- There is no universal “right percentage” of revenue and funding to spend on technology.
- Technology investment should be evaluated like any other investment: what does it cost, what does it produce, and what does it cost if you don’t do it?
- Security spending and AI spending are different calculations, and conflating them leads to bad decisions.
- Deferring security investment doesn’t eliminate the cost. It typically multiplies it.
- Total cost of ownership matters. A technology decision is never just the sticker price.
Every year, association and nonprofit executives hit the same wall when budget season arrives. The board wants a number. The CFO wants a benchmark. Someone finds a survey that says organizations your size spend three to five percent of revenue on technology and suddenly that number becomes the ceiling instead of the starting point.
The problem is that giving a universal percentage tells you nothing about whether your technology is actually working for your mission. It just tells you what other people are spending.
How much of your budget should nonprofits and associations spend on technology? The honest answer starts with a different question: what does your technology need to do, what happens if it doesn’t, and what’s that failure actually worth to you?
We say that knowing full well that we are, in fact, an IT company, and we have an obvious interest in how you think about technology spending. We’re telling you that upfront because we think the more useful thing we can do — more useful than handing you a benchmark — is give you a framework for evaluating technology the way you’d evaluate any other investment: what does it cost, what does it produce, and what does it cost you if you don’t do it?
Why ‘What Percentage Should We Spend?’ Is the Wrong Question
When you frame your technology budget as a percentage, that’s actually treating your technology like overhead and a necessary cost to manage down, not an investment to manage up.
Greg Starling, Head of Innovation and Growth at Doyon Technology Group, reframes the approach entirely. “I would push back and say: how much money should you allocate toward marketing? And the answer is infinite. If for every dollar you spend you make more than a dollar coming back, you should just invest until that stops happening. Technology is the same.”
That’s a different question entirely. It shifts the conversation from “how do we minimize this expense?” to “where does technology create more value than it costs, and how do we find more of those opportunities?“
Not every technology investment maps cleanly to revenue. Security doesn’t add members. A helpdesk system doesn’t expand conference attendance. But that doesn’t mean they’re any less worth investing in. It just means you’re measuring different things (risk reduction, operational continuity, staff capacity), rather than revenue growth.
How Should Associations Think About Technology Investment Differently from Other Operating Costs?
The organizations that get the most out of their technology investment share a common habit: they treat IT as a strategic function, not a service contract.
That shift changes how you budget. Instead of asking “what’s the minimum we need to spend to keep things running?” you ask “what’s the technology roadmap that supports our three-year goals, and what does it cost to execute it?”
That roadmap approach also changes when you’re faced with difficult decisions. If you know your association’s infrastructure maturity, you know which investments are:
- Foundational (non-negotiable)
- Next-layer enhancements (prioritized)
- Advanced capabilities (scheduled).
And with that information, you’re allocating budget against a plan instead of against whatever the loudest problem is this quarter.
This is especially important for associations and nonprofits because technology touches almost everything you do. Your most critical departments — think member management, advocacy communications, events, credentialing, financial operations — most of these are deeply dependent on the tools and IT infrastructure behind them. Without a plan for how you invest in that infrastructure, you’re leaving those functions exposed without realizing it.
Why Is Cybersecurity Investment So Hard to Justify, and How Do You Make the Case?
Security is genuinely different from other technology investments. The number you invest is not simply calculated by looking at the price of a tool or a product. You also need to think about what it costs to reduce your risk. Greg puts it plainly: “Some of the security things is just peace of mind. If this breaks, it’s going to cost this much. How much risk are we willing to take on? That’s a real conversation.”
That reframe helps CFOs in particular. It’s the same logic you apply to any insurance decision. Some organizations are comfortable with liability coverage. Others want full coverage. Everyone needs something. The right level depends on your organization’s data, your members’ expectations, your regulatory environment, and your capacity to absorb a disruption.
For associations and nonprofits specifically, Kevin Fassanella, Director of Security & Compliance at designDATA, has seen this firsthand:
“These organizations run on trust from their members, their donors, their communities. They put faith into them to be the good stewards of their information. So a breach doesn’t just cost you an incident response and recovery. It costs you the trust of your customers and your clientele. And in this space, that reputational damage can be absolutely astronomical.”
What a good security roadmap does is let you make your IT investment decision intentionally. Security investment doesn’t have to happen all at once. You build your foundations first, then layer more advanced capabilities on top of that, then refine and add AI-assisted monitoring and detection. The investment scales with your maturity. You’re not buying a finished security program on day one; you’re building one.
What that roadmap prevents is the alternative: compressing years of deferred investment into an emergency catch-up after something goes wrong. When you finally decide to act in a crisis, you’re not building, you’re trying to recover. And recovery is always more expensive.
What Does It Actually Cost When You Under-Invest in Technology?
Under-investing in technology has a cost. It just rarely arrives all at once:
- Staff working around tools that don’t fit, spending time on technology problems instead of the work that actually moves the mission forward
- New employees taking longer to get productive because onboarding is inconsistent
- Microsoft 365 sitting mostly unused because no one was ever trained on it
- IT projects dragging past deadlines and over budget, eroding confidence each time
- A helpdesk no one calls anymore because staff have learned it’s easier to just deal with problems on their own
None of it looks like a crisis. But it compounds. And the accumulated cost in staff time, mission impact, and eventual turnover is real.
The security side of this equation tends to arrive more suddenly. If you want the full picture, including a real story from a technology leader who watched a deferred security decision turn into a seven-figure loss, read: The Hidden Cost of Deferring Cybersecurity Investment.
How Should Organizations Budget for AI, and What Does a Return on That Investment Look Like?
AI is the investment where the traditional ROI framework applies most directly. When you’re building an AI tool or workflow, you can often model the return: how many hours does this save per week, what does that time cost, and how does the output value compare to the investment?
Greg’s framing is simple: “If we build this for you, it is going to cost this much and it’s going to generate this much value. If it’s generating more value than it’s costing, you should continue to allocate dollars to it until that stops happening.”
For associations specifically, AI creates measurable opportunities in areas like member communications, content production, credentialing workflows, and advocacy research. These are functions with real labor costs behind them. When AI handles the repetitive processing, staff capacity shifts toward higher-value work.
In the AI-Native Association profile — a modeled operational blueprint based on tools and workflows available today —we illustrate how a 42-person association can effectively operate with the output capacity of approximately 100 people. In that scenario, member retention could improve from 81% to 89% over 18 months, while month-end close could dropped from 12 days to 5. The technology investment that produced those results came in at roughly $180,000 annually, offset by over $320,000 in eliminated costs.
What makes these results possible is having the security infrastructure underneath AI adoption that keeps member data protected and keeps staff using the tools confidently. AI investment without security governance is an accelerator pointed in an uncertain direction. The two are not separate budget decisions.
What Does Total Cost of Ownership Mean for Association Technology Decisions?
One of the most common places associations and nonprofits lose money on technology is in incomplete purchasing decisions. Many organizations will think a system looks affordable at the contract stage. But they don’t consider the integrations, the training, the helpdesk calls, the renewal surprises or the replacement costs when it turns out the product doesn’t actually fit the workflow.
Thinking about the total cost of ownership means asking: what does it actually cost to run this technology over three years? Not just the licensing fee, but the time staff spends managing it, the support burden, the IT overhead, the migration costs if you eventually move off it, and the productivity loss if it doesn’t deliver what was promised.
It’s like selling someone a car with all the latest features and not telling them it needs gas, oil changes, and new tires. A good technology partner tells you what it costs to run the car, not just the sticker price.
This is especially true for associations evaluating managed IT services. Some organizations will just focus on the monthly contract number. But the more useful comparison is the total operational cost of your technology function with a given partner, weighed against what it costs to manage it another way, and what outcomes each option actually produces.
Frequently Asked Questions
What percentage of its annual budget should an association spend on IT?
There’s no single right answer, and any vendor who gives you a confident percentage without understanding your organization is oversimplifying. The more useful question is: what does your technology investment need to produce, and are you currently getting that return? A strategic roadmap helps you evaluate spend against outcomes rather than against an abstract benchmark.
Is cybersecurity spending different from other IT costs?
Yes. Security investment is primarily about risk tolerance, not traditional ROI. The right way to frame it is: how much disruption or loss can your organization absorb if something goes wrong, and what does it cost to reduce that risk to an acceptable level? Most organizations find that proactive investment is significantly less expensive than reactive recovery.
How do we justify technology investment to a skeptical board or CFO?
Connect it to outcomes the board already cares about: member trust, operational continuity, staff capacity, and mission execution. Security protects the relationships and reputation that generate revenue. AI investments can often be modeled with direct returns. A phased roadmap lets you show a plan rather than asking for a blank check.
Can small associations afford to invest in AI and security?
A phased approach makes both accessible. You build foundational security first, layer capabilities over time, and invest in AI where the specific return is clearest. You don’t need to do everything at once. What you do need is a plan that prioritizes the right things in the right order.
What’s the hidden cost of sticking with the status quo?
Usually more than people expect. Deferred security investment tends to compound. Staff time spent working around technology gaps is invisible on the balance sheet but real in its impact. And when a breach or disruption does happen, the cost arrives all at once rather than spread across the years you could have been investing.
How do we know if we’re overpaying for IT?
The right comparison isn’t just the monthly number. It’s what you’re getting for it: proactive versus reactive support, strategic guidance, transparency on costs and project timelines, and a partner who helps you plan rather than one you’re constantly managing. If your team is managing your IT partner instead of the other way around, that’s a signal worth examining.
The Bottom Line on Technology Spending
So, how much should your association spend on technology? Enough to make it work for your mission instead of against it. The right number looks different for every organization, and it starts with knowing what you need your technology to do.
For associations and nonprofits, that means looking at three things together. AI creates capacity, security protects the investment, and training sustains adoption. These aren’t separate budget conversations; they’re one conversation about what it costs to accomplish your goals and increase your impact.
Before you can build a technology investment plan, you need to know what you’re working with. An IT assessment gives you that baseline: what’s working, what isn’t, and where the gaps are. Learn more: IT Assessment for Associations: What Do You Actually Get?
Ready to think through your own technology roadmap? Use our Managed IT Services Pricing Calculator to get a sense of what a managed IT program looks like for your organization, or book a strategy conversation with our team.

