When telling the story of the Internet, people often place emphasis on notable entrepreneurs and tech companies and the economic value they create. But that’s just part of the story. An often-forgotten part is how much the Internet owes its design and success to the work of nonprofits, researchers, standards bodies, civil society groups, and public-interest institutions that believed the network should work for everyone.
Much of what keeps us safe online still comes from that same ecosystem. Nonprofit and public-interest actors—even volunteers—maintain essential services, share threat intelligence, support incident response, secure core infrastructure, and help high-risk communities withstand online attacks.
But in a world where it has become all too easy and common to leverage technology against people, the job of keeping us safe online has become more difficult and more urgent. All the while, those tasked with critical security work increasingly find themselves outnumbered and outspent by sophisticated malicious actors as they themselves work on tight budgets with uncertain funding.
Protecting Those Most at Risk
Online safety threats show up in numerous ways, from the personal to the political spheres.
We see it in phishing scams that steal identities, empty accounts, and compromise organizations with a single click. We see it in AI-enabled threats that make fraud and impersonation more convincing than ever. And, at another extreme, we see some governments use technology to target people beyond their borders through surveillance, intimidation, and physical threats—what’s known as digital transnational repression.
While cybersecurity threats can impact people and groups across society, recent studies make clear that they disproportionately target already vulnerable groups, including NGOs, journalists, and human rights defenders.
Data from Protect.ngo—an Internet Society Foundation grantee—highlights the scale of the problem, revealing 872,070 threat signals that have targeted NGOs since 2018. A recent study by Cloudflare that examined cyberattacks, by industry, found that they most commonly target organizations in the ‘People and Society’ category. And a Microsoft study found that NGOs and think tanks were among the organizations most at risk for state-sponsored surveillance.
When organizations working in the public interest carry a disproportionate burden for responding to cyberattacks, while also being among the most at risk, it’s simply not a sustainable security model. And if it breaks, we all pay the price.
What’s at Stake for Everyday Users
It takes a lot of work to keep the Internet running safely and securely. The kind of work that, when it’s done well and at scale, users don’t realize is happening at all. But it’s also the kind of work that, if neglected, creates cascading vulnerabilities for end users, particularly those in underserved regions.
A trustworthy Internet underpins everything we do online. Common-good cybersecurity experts help keep the Internet safe and reliable, making everyday activities more secure. They help ensure that when you enter a website address into your browser, you reach the real site rather than a fake one that scammers set up. They support the encryption that helps protect passwords, messages, and other sensitive personal information as it travels across the Internet. They also share information about emerging threats so organizations can respond more quickly and help prevent malware and other attacks from spreading.
If people can’t send private messages, pay bills, access government services, or express themselves online without fearing harassment, theft, or surveillance, then the Internet’s promise of opportunity and connection risks becoming a thing of the past.
The Common Good Cyber Fund Aims to Bolster the Cyber Defense Landscape
To support the far-reaching work of the many organizations that maintain our critical cybersecurity infrastructure, the Common Good Cyber group of nonprofits and the Internet Society have launched the Common Good Cyber Fund Grant Program.
The fund combines Internet Society resources with major contributions from governments and philanthropists, all committed to strengthening the cybersecurity ecosystem. In order to ensure that the fund stays responsive to evolving threats, it also receives expert policy and technical guidance from a Strategic Advisory Committee, which the Global Cyber Alliance (GCA) chairs.
Part of the Internet Society’s USD $40+ million Safer Internet Initiative, the fund is a multi-year endeavor built around a simple premise: for the Internet to be for everyone, we must protect those who protect us online.
We Are Already Seeing What This Kind of Support Can Make Possible
The first open call for applications for the Common Good Cyber Fund launched on 23 June. But the fund’s 2025 pilot grantees are hard at work demonstrating what’s possible.
Take the Shadowserver Foundation, for example, which serves as a key technical partner for global law enforcement. They recently helped shut down two major online crime operations: one that tricked people into giving up login codes, and another that used infected routers to hide criminal activity. Their expertise and shared data enabled national computer security incident response teams in 175 countries and infected network owners to identify and support infected devices.
Then there is the Internet Security Research Group, home of Let’s Encrypt, which currently secures almost 65% of all encrypted webpages globally. The fund’s pilot grant enables them to upgrade the Internet’s core security systems to defend against the code-cracking power of future super-computers, while also forcing digital security badges to expire and refresh much more frequently. This kind of future-proofing ensures that even if a hacker manages to steal a security key, it quickly becomes useless—protecting billions of everyday online interactions from massive, automated attacks before they can even happen.
And there’s the aforementioned Protect.ngo (formerly CyberPeace Institute), which handles the operational fallout for vulnerable civil society groups by deploying emergency multi-factor authentication (MFA) audits and issuing targeted incident alerts. They are using their pilot grant to scale their Builders program, which began in 2021 and has already connected over 1,791 expert volunteers with nonprofits—such as food banks, women’s shelters, and reproductive health organizations—to provide millions of dollars in pro-bono cybersecurity services.
These examples demonstrate that cybersecurity for the common good is a vast ecosystem that includes infrastructure maintainers, threat intelligence providers, incident responders, trainers, researchers, volunteers, and trusted civil society intermediaries who can reach communities that may not have the resources, language access, or political safety to defend themselves alone. Each actor benefits from the work of the others. And the Internet Society is proud to stand with them.
When technology is being weaponized against people, the answer is not to retreat from the Internet. The answer is to strengthen the trusted, public-interest cybersecurity ecosystem of organizations that help people use it safely.
© Atul Loke/Panos for Internet Society
