Closing the cyber equity gap: How collective investment can secure the internet for everyone

Cybercrime is often seen as a tug-of-war: criminals innovating to stay ahead of countermeasures, while governments work to hold criminals accountable. The private sector tends to sit in the middle, trying to maximize profit while protecting customers and complying with law enforcement.

Nonprofit organizations, however, also have a quiet but essential role in keeping the internet secure.

For example, standards bodies develop the technical protocols that allow networks to interoperate safely. Open-source projects maintain critical cybersecurity tools. Infrastructure nonprofits safeguard the naming, numbering and routing systems that underpin the internet’s functionality.

Meanwhile, national and regional computer emergency response teams provide rapid response and coordination when there are incidents.

These are just a few types of organizations working in the public interest. Together, they build trust, foster resilience and enable collaboration in ways neither governments nor the private sector could achieve alone.

However, nonprofits remain grossly underfunded to sustain their role in the systemic defence against cybercrime. The result is a global security gap that leaves individuals, institutions and entire nations exposed.

Nonprofits operate across borders, provide shared defence tools and build trust among stakeholders that might otherwise remain siloed. Expecting them to perform these functions without systemic support is shortsighted and dangerous, and it is not sustainable over the long run.

Those most at risk lie below what experts call the “security poverty line.” Schools, medical practices, journalists, government watchdogs and civil society organizations are among the least equipped to defend themselves, even as they face the most devastating consequences of cyberattacks.

This vulnerability is not anecdotal. Survey data from the World Economic Forum’s Global Cybersecurity Outlook 2026 shows that cyber capacity remains deeply uneven across regions, sectors and organization sizes, creating systemic risk that extends beyond individual entities.

Small organizations are twice as likely to report insufficient cyber resilience, while across sectors, 37% of NGOs and 23% of public-sector organizations report inadequate resilience, compared with just 11% in the private sector.

These disparities expose entire interconnected ecosystems and supply chains to cascading cyber risk, reinforcing what experts increasingly describe as cyber inequity.

Some of these vulnerable communities are at risk of becoming victims of digital transnational repression, where authoritarian regimes extend their reach online to silence, harass or endanger dissidents.

Beyond resource gaps, civil society faces a uniquely dense threat landscape. In the CyberPeace Institute, CyberPeace Tracer has recorded over 600,000 digital threats against NGOs since 2018.

These include hundreds of thousands of phishing attempts and exposed credentials, a volume of attacks comparable to those faced by much larger, better-resourced sectors and far exceeding what most civil society organizations are equipped to detect or absorb.

These attacks don’t just compromise data; they disrupt essential services and programmes that support vulnerable populations, highlighting the urgency of elevating digital resilience as a core strategic imperative.

One of the most significant drivers of this inequity is the global shortage of cybersecurity skills. According to the Global Cybersecurity Outlook 2026, lack of cybersecurity expertise ranks as the second-most significant resilience challenge for NGOs (51%) and the public sector (57%).

Among organizations reporting insufficient cyber resilience, 85% also report missing critical skills and personnel, compared with just 22% of highly resilient organizations.

These gaps are most acute in regions already facing elevated cyber risk, including Latin America and the Caribbean and sub-Saharan Africa, where organizations report a lack of skills needed to meet cybersecurity objectives.

We have to ensure that anyone can play their role in securing the internet for everyone. One solution has been the launch of the Common Good Cyber Fund by a coalition of nonprofits in collaboration with Internet Society to help fund organizations dedicated to protecting the public interest online.

Backed by the Group of Seven (G7) leaders, the initiative would allow governments and the private sector to pool resources to help nonprofits scale their impact, target support to high-risk and vulnerable actors, and continue delivering systemic defences that benefit everyone.

The fund is a financial tool but also a catalyst for change. Creating a platform for joint investment allows funders and nonprofits to align on priorities, evaluate interventions more effectively and reduce the overhead costs that burden donors and grantees. In doing so, it builds a stronger, more resilient foundation for the collective defence of the internet.

Cybercrime is global, fast-moving and highly profitable. Countering it requires each part of the ecosystem to play its role, including nonprofits.