At a gathering at the Peace Palace in The Hague, civil society organisations from across sectors raised urgent concerns about a growing wave of cyberattacks targeting their work. Coordinated with the International Civil Society Centre, organisations such as WaterAid International, Doctors Without Borders, and Reporters Without Borders warned that digital threats are increasingly being used to disrupt humanitarian action, human rights advocacy, and independent journalism.
Civil society now operates in an environment where crises converge rather than occur in isolation. Armed conflict, political instability, disinformation, and cyber threats reinforce one another, placing enormous strain on organisations that serve as the backbone of social resilience. Despite their central role, many non-profits continue to operate with limited cybersecurity protections, leaving them exposed at a time when digital risk is escalating rapidly.
Research by the CyberPeace Institute highlights the scale of this vulnerability. Across just 38 organisations, nearly a thousand security weaknesses were identified, underscoring how underprotected the sector remains. Civil society organisations often manage highly sensitive information, including data related to survivors of violence, whistleblowers, humanitarian operations, and funding flows, making them attractive targets for attackers driven by political, ideological, or financial motives.
Global data confirms that these threats are not isolated incidents. Since 2018, hundreds of thousands of digital attacks have targeted civil society organisations worldwide, including large-scale phishing campaigns and widespread credential exposure. Humanitarian organisations alone have faced tens of thousands of threats, even as they operate under intense pressure in crisis settings. Reports indicate that non-governmental organisations are now among the primary targets of nation-state cyber operations, pointing to a persistent and structural risk rather than a temporary surge.
In response, the CyberPeace Institute and its partners have launched a global action plan aimed at protecting a critical mass of non-profits. The initiative seeks to narrow the gap between rising cyber threats and limited organisational resources by offering technical assistance, targeted funding, and coordinated strategic support. The objective is to strengthen collective resilience across the sector rather than leaving individual organisations to face these risks alone.
Philanthropic institutions are also deeply implicated in this threat landscape. As funders of public-interest work, they hold sensitive financial, governance, and operational data that can be exploited by attackers. When cyber incidents disrupt services or compromise beneficiary information, the consequences extend beyond financial loss to include reputational damage and harm to vulnerable communities. Cybersecurity has therefore become a shared responsibility between funders and the organisations they support.
Broader geopolitical dynamics further intensify these risks, particularly in Europe. Since 2014, and more sharply following the escalation of the war in Ukraine in 2022, cyber operations have increasingly targeted media, public services, and civil society actors. Attacks have disrupted essential functions and enabled data theft, with impacts that cross national borders and affect entire networks. This environment demonstrates how geopolitical instability translates directly into digital risk for civil society and philanthropy alike.
Despite these realities, many organisations remain underprepared. Limited funding, overstretched governance, and a lack of in-house cybersecurity expertise mean that digital security is often treated as secondary to programmatic delivery. However, in today’s context, operational effectiveness and cybersecurity are inseparable. When systems fail, it is ultimately people who bear the cost, whether through breaches of confidentiality or loss of access to critical services.
The growing consensus across the sector is that cybersecurity must be recognised as an essential component of responsible civil society and philanthropic practice. Strengthening digital resilience is no longer optional but fundamental to protecting missions, safeguarding beneficiaries, and ensuring that organisations can continue to operate in an increasingly hostile digital environment.
