Thousands of crimes targeting Australia's NFPs are going unreported, a detailed study into not-for-profit governance has revealed.

The Institute of Community Directors Australia's latest Spotlight Report examines the impact of fraud and cybercrime on NFPs.

Informed by a nationwide survey of nearly 1900 community leaders, ICDA Spotlight Report: Fraud & Cybercrime shows that one in five organisations suffered a crime of some sort in the year leading up to the survey.

Applying those figures to an estimated 600,000 Australian NFPs – many of them small organisations with limited resources – would suggest that as many as 114,000 organisations have been affected by fraud or cybercrime.

Yet nearly two-thirds of those crimes are not reported to police, according to survey results, and just one in five is reported to an insurance company.

According to the study, asset theft and cyber-hacking are the most common crimes, followed by credit-card fraud and cash thefts.

In about a quarter of asset theft cases, the perpetrator was either a staffer or a volunteer.

Cash thefts were the most likely to be reported to police.

Other serious crimes, such as payroll fraud, bribes, data theft or ransom, or expenses fraud were reported by less than 3 per cent of organisations.

Most credit-card fraud (59 per cent) and cyber attacks (53 per cent) were perpetrated by online criminals.

In a concerning result, the study found that up to 20 percent of crime-affected organisations reported suffering several criminal incidents in a year.

The largest proportion of uncovered fraud comes from staff whistleblowers.