While organizations across the board are increasingly aware of cyber threats and the importance of enhancing their digital defenses, one crucial sector often remains overlooked: nonprofits. Nonprofits play a vital role in providing essential services. They are frequently lifelines for our society, especially for vulnerable communities, making their cybersecurity a matter of critical importance.
Unfortunately, due to their recent digital transformation, these organizations are more vulnerable than ever. The implications of cyber intrusions extend far beyond their effect on these organizations themselves. Cyber intrusions impact the people they serve, the services they provide, and the communities they uplift who are most at risk. In the US, 11% of the population lives under the poverty line. Food banks, shelters, nonprofit healthcare organizations are vital to the most vulnerable in our society.
Another equally pressing issue is exacerbating this situation: the severe talent shortage in the cybersecurity industry. While there are 1.1 million cybersecurity professionals in the United States, over half a million positions in the sector remain vacant. For nonprofits with limited budgets, hiring or retaining cybersecurity experts that command high salaries is a monumental challenge. Projections indicate that the talent shortage may soar to 3.5 million by 2030 worldwide, leaving nonprofits in a precarious situation with minimal hope of receiving the protection they urgently need.
Fortunately, there’s a silver lining: An increasing number of public, private and civil society organizations have identified this urgent concern and are taking meaningful steps to address it.
The Cybersecurity and Infrastructure Security Agency (CISA) is leading the charge with its High-Risk Communities Initiative. In collaboration with industry and civil society partners, CISA’s Joint Cyber Defense Collaborative has developed a cyber defense plan to shore up defenses for the high-risk communities that play a vital role in sustaining a healthy democracy.
As CISA Director Jen Easterly said, “Malicious cyber actors routinely target not only a wide range of U.S. and allied governments, businesses, and critical infrastructure, but also civil society organizations, who are often the most vulnerable and least well-resourced to protect themselves. Such attacks against target-rich, cyber-poor nonprofits threaten to undermine the democratic values we collectively cherish. CISA, along with international partners, recognizes the necessity of joining forces to safeguard civil society organizations and other high-risk communities from the ever-increasing threat of malicious cyber activities.”
So, what’s the solution? One innovative response to this pressing issue are cyber volunteers.
The CyberPeace Builders is one such network of cyber volunteers with a remarkable vision: to connect every cybersecurity professional with every nonprofit in the world. The goal is clear: to protect the vulnerable, to shield the critical services that nonprofits provide, and to bridge the growing cybersecurity talent gap.
The CyberPeace Builders offer a unique solution, connecting nonprofits with corporate cyber volunteers. This groundbreaking approach has compelling value propositions for both nonprofits and corporations. Nonprofits get access to top talent and cyber-threat intelligence for free, and to a trusted and supportive community locally, and globally. Corporate sponsors benefit from compelling, snackable employee engagement opportunities and the chance to align business interest with social impact. The initiative, in turn, is designed to achieve financial sustainability by charging companies for their participation, creating a self-reinforcing cycle of support.
Stéphane Duguin, CEO of the CyberPeace Institute, affirms: “Our model is designed for long-term success, with scalability and financial sustainability embedded from the start.” While this model isn’t a definitive solution to the overarching cybersecurity challenges, it represents a significant step in bridging the current talent gap for nonprofit cybersecurity. The initiative has already made remarkable progress, with over 700 CyberPeace Builders assisting more than 240 nonprofits worldwide. Corporate giants like Adobe, CapGemini, HPE, Inditex, Logitech, Marsh, Mastercard, Microsoft, Okta, Rapid7, Splunk, WithSecure, Zurich and many others have joined the mission, along with philanthropic donors offering essential seed funding”.
The CyberPeace Institute, headquartered in Switzerland, has been strengthening its engagement with a wide and diverse range of US-based organizations committed to cybersecurity for the public good. We’re part of the steering committee of CISA’s High-Risk Communities Initiative, collaborate closely with Berkeley’s Center for Long Term Cybersecurity (CLTC), the Global Cyber Alliance (GCA) on various fronts, but also TechSou, the Cyber Threat Alliance and several others. We were also part of the Ransomware Task Force led by the Institute for Security Technology, and we regularly present our work at US cybersecurity conferences like DEFCON, BSides, RSA and GoodTechFest.
Craig Newmark Philanthropies, known for its generous support of cyber civil defense initiatives aimed at educating and protecting Americans amid escalating cybersecurity threats, such as CLTC or GCA, has played a pivotal role in empowering the CyberPeace Builders in 2022. Craig Newmark is increasing his support to the initiative by giving $500k to enable the CyberPeace Builders to further develop our matchmaking platform. The grants from Craig Newmark are a testament to his dedication to strengthening digital security and ensuring the protection of digital lives in the face of new and evolving cybersecurity threats. “CyberPeace Institute’s work aligns with our mission to support and protect those helping others, including NGOs. Together, we form a network for collective defense, where regular people, including cyber volunteers, collaborate to safeguard our way of life.”
The Hewlett Foundation, one of the founders of the Institute, is giving us another $150k as part of a final round of grantmaking for its Cyber Initiative, to support the progressive expansion of the CyberPeace Builders in the US. In addition, Splunk, a leading cybersecurity and observability provider, has donated financial support as part of its field-building programme, to help the Institute provide actionable cyber-threat intelligence to NGO’s in a timely fashion, building on an internal prototype leveraging AI/ML. “We believe making data more accessible, open, and secure is essential to addressing today’s most pressing global challenges and we are proud to support the work of CyberPeace Institute to enhance online safety for all social change agents.” –Kriss Deiglmeier, Chief Global Impact Officer, Splunk
The collaborative efforts of organizations like CISA, Craig Newmark Philanthropies, Hewlett, Splunk and the CyberPeace Institute, along with the support from many other civil society actors, donors, corporate sponsors and cyber volunteers, are making a significant impact in enhancing cyber resilience of high-risk communities around the world. With continued support and expansion, our collective mission to protect vulnerable populations and bridge the cyber talent gap is well on its way.