Picture the meeting.
The IT item sits near the bottom of the agenda, after the finance report and before general business. Someone raises a fair concern about cost. Someone else says the timing is not right. The board agrees the issue matters, but parks it until next quarter, when there will be more information. Everyone leaves feeling responsible.
Six months later, nothing has moved. The quote is higher. The risk is larger. Staff have built another spreadsheet workaround. Members are still dealing with clunky renewals, slow responses and records that do not match. The board thought it had deferred a technology decision. In fact, it had approved another six months of hidden costs.
Every Association Has Had This Meeting
This is not a small corner of the economy to get wrong.
Australia's charities and not-for-profits employ 1.54 million people, more than one in ten working Australians, lean on 3.77 million volunteers, and turn over a record $222 billion a year, according to the ACNC's 2025 Australian Charities Report.
For an association, IT failure rarely looks like a server going down. It looks like renewal leakage, event registration friction, CPD records that will not reconcile, committee papers emailed around insecurely, staff updating member records by hand, and volunteers using personal accounts to keep things moving. None of it trips an alarm. All of it quietly costs money. And the decision deferred in a quarterly meeting does not stay small. It compounds.
Why "Wait and See" Feels Like Good Governance
Boards are not being careless. They are using instincts that serve them well almost everywhere else. Holding off on spending usually saves money. Most directors made their names in finance, broking, law or property, fields where patience genuinely lowered risk. Technology vendors have a long history of overpromising, so a little scepticism is well earned. And "if it still works, why touch it" is a sound rule for the office furniture.
The instinct is right. The setting is wrong. When the sector chooses to move, it can: Infoxchange's 2025 report on not-for-profit technology found cloud collaboration tools have climbed from 24% of organisations a decade ago to 87% today, while warning that the basics of cyber security, including multi-factor authentication, still lag well behind. Technology is one of the rare places where sitting still raises your cost and your risk at the same time.
The Four Costs Most Association Boards Do Not See
No budget line is labelled "the cost of doing nothing," so the loss shows up in places the board is not always looking. Picture a national association: 8,000 members, a dozen staff, a board of accomplished volunteers. Nothing is on fire, and yet it is losing ground in four places no one has measured.
Productivity: Recent research from Pegasystems found 64% of workers say their tools slow them down, and only a third describe their workplace technology as helpful. In an association, the membership officer is rekeying data between two systems that will not talk to each other, and the finance lead is waiting on a report that should be instant. It never reaches the P&L. It is simply salary paid for work that did not happen.
Member experience: A clunky renewal page, an automated email that fires twice or not at all, and a CPD record that will not sync. Members rarely complain. They renew late, or not at all, or they drift away. After the 2025 attacks on the super funds, Deloitte told fund boards that trust and a strong digital experience are now a competitive advantage rather than a compliance cost, and the same is true for a membership body. The arithmetic is plain: for our 8,000-member association at $400 a head, a 2% slip in renewals is $64,000, and it repeats every year.
Risk: In the first half of 2025, the OAIC was notified of 532 data breaches, 59% of which were caused by malicious or criminal attacks. The Australian Signals Directorate received 84,700 cybercrime reports in its latest year, roughly one every six minutes, and put the average cost to a small business at $56,600. The lesson for associations is simple. A member-based organisation holds personal data, payment details, login credentials, and member trust, which makes it a target. The April 2025 super fund attacks showed how stolen passwords can expose even large, board-governed institutions, and Qantas highlighted a second risk when a third-party platform became the breach. For any association that runs its membership, event, or CRM systems through an outside provider, that is a board-level issue.
Talent: That same Pegasystems research found more than a third of workers would consider leaving over poor technology. With Australian turnover already near 16%, that matters. Replacing an experienced staff member can easily cost well beyond their salary once recruitment, onboarding and lost productivity are counted, and the ops manager who finally tires of fighting your systems takes years of member knowledge out the door with her.
None of these four shows up on the agenda. All four show up on the bottom line, at the same time.
Why Next Step Starts With the Cost of Inaction
This is exactly why Next Step Infrastructure Services begins with a cost-of-inaction conversation before discussing tools, licences, or projects. For an association leader, the first job is not to buy technology. It is to see clearly where the current setup is already costing money, time, member trust and resilience. Treat that as the starting point, and a sensible IT strategy for associations almost writes itself.
The Question That Changes the Conversation
Boards are trained to ask what something will cost. That is half a question. The half that protects the organisation is what it is already costing you to do nothing. The price of acting is easy to see and easy to quote; the price of waiting is spread thin and easy to ignore, so the board studies the figure in front of it and never sets it against the larger one that is not on the page. The regulators have already made the leap: after the April super fund attacks, APRA wrote to boards warning that a weak control environment was an unacceptable threat to members' money and data. So the sharper questions are not "can we afford to upgrade this year" but "can we afford another year of what we are losing now," and not "is the system still working" but "what is it costing us in productivity, members, risk and people."
A 20-Minute Board Exercise
You can surface the real number at your next meeting. Ask management to estimate, honestly:
- How many hours a week does staff lose to manual workarounds?
- How many members fail to renew because of friction or poor communication?
- Which systems hold member personal data, and whether multi-factor authentication is switched on.
- Which single staff member, if they resigned tomorrow, would leave the biggest operational gap?
- What the association would do if its CRM, email or finance system were unavailable for 48 hours.
You will not get precise figures. You will get something more useful: a board that can finally see the cost it has been carrying.
The Bottom Line
Caution about technology often looks like prudence but is not. The cost lands across productivity, members, risk and people, whether or not anyone names it, and the breach figures, the regulators, and the job market have all stopped waiting for boards to catch up.
Next Step Infrastructure Services helps associations find that hidden cost before they commit to another year of workarounds. Our cost-of-inaction review examines four areas: productivity, member experience, cyber risk, and staff dependency. No jargon, no pressure to buy technology, just a clear view of what your current environment is already costing you. That is where good IT services for associations should start. If IT is on your next board agenda, talk to Next Step before the meeting, and walk in with the real number.
