We interviewed Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, about educating the public on the safe use of technology, Cybersecurity Awareness Month, scaling that work to underfunded communities, and how efforts like Common Good Cyber can help support nonprofits doing this critical work. 

Can you introduce the National Cybersecurity Alliance and share how your work helps improve cybersecurity awareness and resilience for individuals, businesses, and communities?

The National Cybersecurity Alliance (NCA) is a nonprofit organization on a mission to create a more secure, interconnected world through educating everyone on the safe use of technology. We foster partnerships between the public and private sectors and empower individuals and organizations with free, accessible cybersecurity education and resources.

Our work reaches a wide range of audiences, from small business owners to older adults and everyday consumers. In 2024 alone, we educated more than 20,000 people through webinars, live talks, and other events. Our online hub StaySafeOnline.org receives more than 1.6 million pageviews each year from individuals seeking tips, toolkits, and training materials.

We focus on demystifying cybersecurity and giving people the confidence to make smart, safe decisions online. Our campaigns speak directly to the public, in language they understand, using humor, storytelling, and real-world examples. Whether you’re a parent setting up a device for your children, an HR manager handling online harassment, or a retiree navigating AI scams, our goal is to meet you where you are and provide clear, actionable guidance. 

We are B2B2C (business-to business-to consumer): the same content we publish for the consumer public, we also package into campaign kits for people who want to run a campaign in their company, school, or government entity. 

Cybersecurity Awareness Month has become a major national initiative each October in the United States, and has even expanded to other countries. How do you measure its impact, and what have been some of the most effective strategies to reach and engage the public and private sectors?

Cybersecurity Awareness Month has grown into a powerful, collaborative effort across sectors. In 2024, Cybersecurity Awareness Month generated 20 billion global media impressions and 1.25 billion impressions on social media. It’s a moment each year when cybersecurity takes center stage in the worldwide conversation.

One of our most effective strategies has been developing high-quality toolkits that organizations of any size can use to run their awareness campaigns. These include downloadable tip sheets, social media graphics, sample emails, videos, animations, and web copy. They’re easy to localize and share, which makes it possible for even small teams to make a significant impact.

We also lean into pop culture and storytelling to make cybersecurity approachable. Our webseries “Kubikle,” a dark comedy about cybercriminals working in an office, has racked up over 18 million views. Our “AI: Fools, Stay Sharp” campaign introduced the concept of using a verbal code word to verify loved ones during AI voice clone scams, an idea that resonated strongly across generations. The campaign pages now have over 57,000 pageviews.

Most recently, we launched “Then & Now,” a campaign designed for older adults that breaks down cybersecurity concepts into small, manageable steps. From explaining multifactor authentication or how to spot a scammy text, the campaign uses visual guides and plain language to build confidence.

How do you scale your work to reach under-resourced communities or small businesses that lack dedicated cybersecurity staff?

We put a lot of effort into making sure our cybersecurity information is both accessible and welcoming. That means avoiding jargon, translating resources into multiple languages, and creating content that can be used without a dedicated IT or training and awareness team.

Our Cybersecure My Business program offers an instructor-led virtual course and resources tailored specifically for owners and operators of small businesses, many of whom aren’t deeply technical, but who are making decisions about technology and resources for their business, without completely understanding the risks. Our toolkits are designed to be lightweight but practical, offering step-by-step guidance on everything from securing devices to handling customer data.

We also prioritize outreach to communities underserved by many awareness campaigns. “Then & Now” is one example, focusing on older adults, a group that’s commonly targeted by scams but is often left out of cybersecurity conversations. We build campaigns that are not just about awareness, but about inclusion.

What would be the consequences for the broader cybersecurity ecosystem if NCA’s programs were no longer funded?

Without NCA’s programs, there would be a significant gap in public-facing cybersecurity education, especially in the United States. We play a special role in translating complex, fast-moving cybersecurity issues into clear, relatable guidance for the general public. We also offer free, non-commercialized resources that businesses, schools, government entities and nonprofits rely on to raise awareness and train their communities.

We love to provide free stuff. If our programs were no longer funded, millions of people would lose access to trusted, practical information on staying safe online. The loss would be felt especially in under-resourced communities like small businesses and senior citizens that depend on our freely available toolkits and campaigns. It would also leave a major gap each October during Cybersecurity Awareness Month, when momentum and public engagement are at their peak.

What are the biggest sustainability or funding challenges you face in maintaining and growing your programs, and how are you addressing them?

Like many nonprofits, we operate in an environment where funding can be unpredictable and doesn’t always keep pace with the growing need for public education. The threat landscape is evolving rapidly with emerging threats like AI scams and deepfakes, and scams like pig butchering, so the demand for timely, trustworthy information is higher than ever. Research shows that consumers trust nonprofits more often than the government, for example, so we need to be present with reliable content on social media, in the press, and online. We meet people where they are.

Sustaining and expanding our programs requires long-term investment. While we have generous support from a range of private-sector partners, we’re constantly seeking ways to diversify funding, build resilience, and ensure continuity. More sustainable funding would allow us to deepen our outreach to underserved groups, invest in multilingual resources, and continue producing innovative campaigns like “Kubikle” and “Then & Now.”

We’re proud of what we’ve accomplished with relatively lean resources. In 2024 alone, NCA earned 172 media placements, including national news, TV segments, and radio interviews, resulting in over 3 billion impressions. We also maintain an active, engaged community of over 440,000 followers across social media. We aren’t afraid to boast about our real impact today, but there’s so much more we could do with stable, long-term support.