We interviewed our secretariat members Francesca Bosco, CyberPeace Institute’s Chief Strategy Officer, and Stéphane Duguin, Chief Executive Officer, who are both also active members of Common Good Cyber Secretariat. When NGOs are compromised, they explain, it is not a website that goes down—it is food distribution that stops, medical care that becomes inaccessible, legal aid that’s interrupted—since cybersecurity is, above all, a human security issue.  

Unlike private companies or governments, high-risk actors—like NGOs, journalists, and civil society organizations—often lack the resources to defend themselves against sophisticated cyberattacks. How do you address this gap?

Francesca Bosco: At the CyberPeace Institute, we recognized early on that civil society is not only underserved, but increasingly targeted in cyberspace. These organizations are often doing life-saving work—supporting displaced communities, advocating for human rights, or delivering healthcare in conflict zones—yet they lack the capacity to protect their digital infrastructure from increasingly sophisticated attacks.

To bridge this protection gap, we launched the CyberPeace Builders program, which is a unique collective defense initiative that brings together skilled cybersecurity professionals from the private sector and academia to support NGOs directly. We offer technical support, proactive risk assessments, cyber hygiene training, and tailored responses to incidents. All of this is grounded in trust, context sensitivity, and the understanding that digital resilience is part of operational resilience. 

Importantly, we don’t just offer tools—we offer long-term accompaniment to help organizations build internal capacity and sustain their missions safely. This philosophy is also embodied in the Beyond 125 Action Plan, launched at the Peace Palace in The Hague in collaboration with Common Good Cyber. It’s a global initiative to level the cybersecurity playing field and ensure civil society has access to the tools, services, and platforms needed to defend their work and the communities they serve against cyberattacks and disinformation.

The role of cyber operations in modern conflicts is growing, and many of your initiatives focus on cyber norms and responsible behavior in cyberspace. How do you engage with governments and international organizations to push for stronger cyber governance?

Stéphane Duguin: Modern conflicts no longer happen solely on physical battlegrounds—digital operations are now a standard component of warfare, often with devastating consequences for civilians. The digital domain has become a space where norms, law and accountability are still catching up to the scale and complexity of harm being inflicted.

Our engagement with governments and multilateral institutions is rooted in the principle that International Law must be applied in cyberspace just as it does offline, particularly when it comes to the protection of humanitarian actors and civilian infrastructure.

We act as a bridge between civil society and policymakers, providing evidence-based analysis of cyber incidents and advocating for greater accountability. At the United Nations, for example, we actively contribute to the Open-Ended Working Group on ICTs and other fora by bringing visibility to underreported cyberattacks against NGOs and humanitarian actors. 

We believe that norms in cyberspace must be more than aspirational—they must be actionable. And that’s where we come in: we translate real-world impacts into policy-relevant insights that push states and other stakeholders to uphold responsible behaviour in cyberspace, shaping frameworks that are grounded in human impact, not just technical abstraction.

Can you share a specific success story where the CyberPeace Institute’s work made a significant impact in helping protect vulnerable groups or mitigate a cyber threat?

Francesca Bosco: A powerful example is our work supporting NGOs operating in and around Ukraine during the early phases of the conflict. These organizations were suddenly facing an unprecedented surge in cyberattacks—ranging from phishing campaigns targeting aid workers to DDoS attacks that disrupted emergency services.

In this high-risk environment, our team mobilized quickly to offer tailored cybersecurity support: deploying monitoring tools, assisting with incident response, and helping organizations identify and close digital vulnerabilities. For one local NGO supporting displaced people, our intervention meant the difference between having to shut down operations and being able to continue safely delivering critical services. This case exemplifies the behind-the-scenes impact we aim for—quietly strengthening digital defenses so that frontline organizations can focus on their mission and operate safely despite the digital threats they face.

What have been the biggest obstacles in sustaining the CyberPeace Institute’s mission—whether in terms of funding, operational challenges, or political pressures?

Stéphane Duguin: One of the persistent challenges we face is the global underestimation of the scale and impact of cyber threats targeting the humanitarian and nonprofit sectors. There’s still a misconception that cybersecurity is a technical problem or a private sector responsibility. But when NGOs are compromised, it’s not just a website that goes down—it’s food distribution that stops, medical care that becomes inaccessible, legal aid that’s interrupted, etc. Cybersecurity is a human security issue.

Another obstacle is the geopolitical complexity of attribution and accountability. Many of the actors behind cyberattacks against civil society operate with impunity, and international mechanisms to hold them accountable remain too weak to respond effectively. This puts organizations like ours in a difficult position—we must speak truth to power while maintaining the trust of all stakeholders, including those who may not be politically aligned.

Operationally, we must also navigate the balance between confidentiality and transparency: we protect our partners’ privacy while trying to raise global awareness of the threats they face. Doing that effectively requires both resources and credibility, which is why long-term support from funders and allies is so essential.

What would be the consequences if the CyberPeace Institute were unable to continue its operations? How critical is your role in the broader cybersecurity and human rights landscape?

Francesca Bosco: The CyberPeace Institute fills a unique and urgent gap at the intersection of cybersecurity and human rights. Without our presence, many civil society organizations—especially those operating in high-risk regions—would be left dangerously exposed to digital threats that can paralyze their operations, leak sensitive data, or put lives at risk.

But our role goes beyond individual interventions. We’re building systemic resilience by shaping global norms, creating communities of practice, and demonstrating that cybersecurity and human rights are deeply interconnected. We document harms, highlight patterns, and ensure the human impact of cyberattacks is not overlooked in international discussions. Our work is often the invisible layer that helps underpin broader efforts and if it were to cease, it wouldn’t just be a loss of services—it would be a setback for the vision of cyberspace as a protected, human-centered environment.

How can efforts like Common Good Cyber or other funders best support the CyberPeace Institute’s mission and help scale its impact?

Stéphane Duguin: Strategic funding partnerships like those envisioned by Common Good Cyber are essential to scale our mission. But what we truly value is alignment in vision: recognizing cybersecurity as a foundational element of human dignity, humanitarian action, and social justice.

Support from aligned funders enables us to develop scalable, replicable models like the CyberPeace Builders, invest in threat intelligence capabilities that serve NGOs globally, and expand our research on cyber harms. We also seek partners who can amplify our message and help make the case to broader audiences—from government to philanthropy—that protecting civil society online is not optional. It is a prerequisite for resilient, democratic societies. The more we collaborate across sectors, the more likely we are to tip the balance toward a safer digital world.

A concrete example of meaningful collaboration is our upcoming joint session at the Global Conference on Cyber Capacity Building 2025, where the CyberPeace Institute and Global Cyber Alliance will be co-leading a session on strengthening the cybersecurity capabilities of NGOs. Together, we’ll explore how initiatives like the Common Good Cyber and Beyond125 can offer practical solutions—from better intelligence sharing and data-driven threat analysis to building stronger protection through partnerships. 

It’s all about coming together across sectors to ensure that civil society—and by extension, everyone who depends on its work—can operate safely in today’s increasingly interconnected digital world.