As nonprofits and mission-based organizations increasingly rely on digital tools to connect, fundraise, and deliver services, protecting their data and communities has become essential. To explore how the importance of cybersecurity can serve the public good, we spoke with the Global Cyber Alliance (GCA), a nonprofit working to make digital safety more accessible through initiatives like Common Good Cyber and Nonprofit Cyber. Together, these programs are helping level the playing field and empower organizations of all sizes to build resilience online.
This is part two of a two part conversation.
1. Partnerships are essential in cybersecurity. How do Common Good Cyber (CGC) and Nonprofit Cyber collaborate with organizations to expand access to security resources for nonprofits?
No single organization can protect the Internet alone. Common Good Cyber and Nonprofit Cyber collaborate closely with organizations across the cybersecurity ecosystem to expand access to trusted security resources and strengthen collective resilience. Chaired by the Global Cyber Alliance, , these initiatives identify and involve organizations that bring unique skills and expertise, from technical innovation and policy insight to community building and program delivery. By working together as one coordinated community, our collective impact is far greater than any could achieve individually.
As these initiatives continue to grow, so does the reach and effectiveness of their programs. The result is a stronger, more secure Internet, where mission-driven and under-resourced organizations can operate safely, and where everyone benefits from a more resilient digital ecosystem.
Together, we can sustain the nonprofits that make the Internet safer for everyone and protect the digital foundation of modern life.
2. Can you share an example of how this collaboration has helped an organization improve their security or respond to a cyber challenge?
One powerful case study comes from a collaborative initiative in the Hague with The Shadowserver Foundation and CyberPeace Institute, conducted alongside The Hague Humanity Hub and Connect2Trust. The project aimed to boost the cyber resilience of local NGOs, many of whom face limited cybersecurity capacity despite handling sensitive data and operating in high-risk environments.
Launched in early 2023, it has already reached more than 200 NGOs. The program raises cybersecurity awareness among the NGO community and supports them with hands-on, proactive, and localized support and tailored threat analysis. Many NGOs served through the project had exposures of common known vulnerabilities, and received critical alerts to patch their systems. The findings of the project are published in a public report available here.
3. Cybersecurity isn’t just a technology issue, it’s also about people and behavior. What role can nonprofit leaders play in creating a culture of security within their own organizations?
Cybersecurity must be seen as part of how their mission succeeds, and leadership sets the tone. When executives talk openly about cybersecurity, prioritize training, and model good habits, it signals that security is everyone’s responsibility, not just the IT team’s.
Integrate cybersecurity into onboarding, policies, and daily workflows. Encourage staff and volunteers to report suspicious activity without fear of blame. Build a culture of trust and continuous learning.
4. As cyber threats evolve, what new challenges or priorities is Common Good Cyber preparing to address?
We’re focused on understanding and addressing the systemic risks that affect not just individual organizations, but the resilience of the Internet ecosystem as a whole. Common Good Cyber’s research projects bridge gaps between policy, practice, and people, ensuring that mission-driven organizations and their communities aren’t left behind as threats grow more complex.
We’re studying how public-interest organizations manage risk with limited resources and mapping where support systems and shared defenses can make the greatest impact. By connecting technical experts, policymakers, community leaders, and philanthropists, we’re working to ensure that cybersecurity serves the common good: enabling a safer, more trustworthy digital future for everyone.
5. How does this work contribute to the larger mission of a safer Internet for everyone?
The nonprofits supporting the Internet may not be household names, but they enable small businesses to protect customer data, hospitals to keep life-saving systems online, nonprofits to focus on their missions, and communities everywhere to thrive in a digital world. Many of the Internet’s essential defenses, like MITRE ATT&CK, Quad9, or Shadowserver’s global threat monitoring, are free to use but expensive to maintain. Their value extends far beyond cybersecurity: they protect the digital foundation that powers our economies, democracies, and everyday lives.
We believe that cybersecurity is a shared responsibility. It requires collective action, with donors, volunteers, businesses, and policymakers all playing a role. Together, we can sustain the nonprofits that make the Internet safer, while also helping mission-based organizations around the world to find the cybersecurity resources they need to protect themselves and their communities.
6. What is one action that every .ORG can take today to make their organization more secure online?
The Cybersecurity Awareness Month campaign’s “Core 4” message rings true all year—simple, high-impact steps that dramatically reduce risk:
- Use strong, unique passwords, ideally with a password manager.
- Turn on multifactor authentication (MFA) everywhere it’s available.
- Update software and systems regularly to close known vulnerabilities.
- Back up important data securely and test recovery plans.
These four actions address the majority of common attacks and don’t require large budgets or complex tools. Cybersecurity starts with small, consistent actions.
Learn more about the Global Cyber Alliance, Common Good Cyber, and Nonprofit Cyber in Part One.