4 December 2025

The threat landscape facing civil society

“There are so many injustices in the world, and civil society is coming together to address them, yet this effort is under attack. […] The nature of those attacks is so specialised that it’s very hard for an NGO to fully grasp all the aspects of cybersecurity they need to protect themselves”

– Andrew McCracken, WaterAid International

Last year at the Peace Palace, under the auspices of the City of The Hague and in coordination with the International Civil Society Centre, numerous civil society organisations – including WaterAid International, Doctors without Borders, and Reporters Without Borders – raised the alarm: they are facing a growing wave of cyberattacks aimed at disrupting their missions.

We live in an era where crises no longer arrive one at a time. They converge and compound – war, political instability, disinformation and digital threats increasingly collide, overwhelming society’s ability to respond. At the centre of this storm sits civil society. From humanitarian relief to human rights advocacy and community development, non-profits are the connective tissue of social resilience.

Yet many still operate with minimal cybersecurity protections. In just 38 organisations, the CyberPeace Institute has identified over 969 vulnerabilities. Civil society actors hold sensitive data – on survivors of violence, whistleblowers, humanitarian corridors, and funding sources – making them prime targets for politically, ideologically or financially motivated attackers.

According to the CyberPeace Tracer, since 2018 over 600,000 digital threats have targeted civil society worldwide. Nearly 380,000 phishing emails and 216,000 exposed credentials have been detected. In the humanitarian sector alone, over 93,000 threats have been registered, affecting organisations already working under immense pressure. As the Cyber Threat Alliance reported, NGOs are now a top target of nation-state cyber operations. This is not a spike – it’s a sustained, structural threat.

In response to this collective call for cybersecurity, the CyberPeace Institute and partners launched a global action plan to safeguard a critical mass of NGOs by providing technical support, targeted funding and coordinated strategic efforts. Its goal: to close the cybersecurity gap between increasing attacks and limited resources.

Philanthropy is not immune. If non-profits are the engine of public-interest work, philanthropy is the fuel – and fuel is flammable. When services are taken offline or beneficiary data is compromised, funders don’t just lose money – they risk amplifying harm. Cybersecurity is no longer a niche IT issue. It’s a duty of care for both funders and the organisations they support.

State-aligned and criminal actors have increasingly targeted institutions handling research, policy, and citizen data – sectors closely linked to non-profit work. Microsoft’s 2024 Digital Defense Report found that research and education institutions are now the second-most targeted by state actors, a signal for the broader public-interest space relying on similar data and infrastructure.

Europe’s geopolitical context compounds this risk. Since 2014 – and especially following Russia’s full-scale invasion of Ukraine in 2022 – cyber operations have targeted media, public service and civil society actors. Attacks have disrupted essential services and stolen sensitive data, with effects that ripple across borders and supply chains. The lesson is clear: geopolitical instability creates digital risk for civil society and philanthropy alike.

Yet the sector remains underprepared. Many organisations lack in-house cybersecurity expertise or the funding to acquire it. Governance is overstretched and digital security is often siloed from mission delivery. Understandably so – non-profits focus on getting food, legal aid and support to those who need it most. But in today’s world, mission delivery and digital security are inseparable. When defences fail, it’s people who suffer: survivors whose confidentiality is breached or communities cut off from services.

Philanthropy must act on two fronts: protect itself and protect its grantees

First, funders are attractive targets. Grantmaking platforms, due diligence files and board communications hold sensitive data and money-movement workflows. A breach can compromise trust, disrupt operations and weaken entire networks. Second, when grantees lack basic cybersecurity, philanthropic capital can be siphoned off – not toward mission outcomes, but toward recovering from attacks.

To respond effectively, philanthropy must lead on four fronts:

1. Make cybersecurity a core grantmaking priority: Digital resilience should be treated like safeguarding or financial accountability: a standard of responsible stewardship. Funders should ensure grantees have access to essentials like multi-factor authentication, secure backups, timely software patching and incident response plans. These aren’t “extras” – they are mission-critical.

2. Pool resources for systemic impact: No organisation can manage this threat alone. Collective efforts like the Common Good Cyber Fund and the Media Forward Fund show how pooled investment in training, emergency support and shared infrastructure can strengthen the sector as a whole. European philanthropy can build on these models, aligning efforts across borders and issue areas.

3. Invest in talent and partnerships: Cybersecurity is ultimately about people. Europe faces a shortage of skilled professionals and non-profits struggle to compete with the private sector. Philanthropy can help close this gap by supporting fellowships, funding structured volunteering from cybersecurity experts and advocating for public-private collaboration. Initiatives like the CyberPeace Builders program, which connect NGOs with volunteer cybersecurity experts, show how shared knowledge and solidarity can strengthen resilience. Moreover, recent policy developments like the EU’s Corporate Sustainability Reporting Directive may open new pathways for industry to contribute expertise to the public-interest sector.

4. Support organisational development for civil society: Philanthropy should prioritise flexible, non-restrictive funding that enables organisations to invest in core capabilities and build long-term resilience, shifting from a reactive posture to a proactive approach to cybersecurity.

“Potential donors should understand the importance of strengthening the cybersecurity capabilities of NGOs. […] By enhancing the digital resilience of our partners and grantees, we ensure that they are better equipped to safeguard their critical data and systems against an ever-evolving threat landscape.”

– Nuno Abano, European Climate Foundation

The multiplier effect is real. One overlooked vulnerability can undo years of impact. But a timely investment in digital resilience can prevent cascading harm, protect critical services and safeguard the people who rely on them. If philanthropy is the fuel of civil society, we must ensure it isn’t stolen, spilled or set alight.

Safeguarding the digital environment of non-profits and their funders is part of safeguarding our collective future.

Authors

Stéphane Duguin
CEO, CyberPeace Institute
Marta Rodilla Álvarez
Communications Associate, CyberPeace Institute