The Internet's Defenders Are Running Out of Money—And We're All at Risk

The Internet enables modern life. From the infrastructure that powers our villages and cities and the way we do business, to the ways we communicate with each other and entertain ourselves, all would be rendered useless without the Internet. But along with the rise in Internet use has come an equal rise in attacks and cybercrime. This cybersecurity month, we should honor the nonprofits and NGOs that build and protect key Internet functions. Or we might lose them.

The average person might think for-profit companies like Apple, Google and Microsoft are responsible for keeping digital ecosystems together. In reality, hundreds of nonprofits maintain critical cybersecurity functions for the good of the Internet and all its users, including the most vulnerable and under-resourced in our society. They are not household names, but they are vital to a safe and functioning Internet.

Many of the tools small businesses depend on are run or supported by nonprofits. They use code from open-source libraries like log4J or Django to create their products faster and cheaper. The staff uses open-source software like LibreOffice to keep operating costs down. They may use Quad9 to block malicious websites, Let's Encrypt to encrypt their websites, or Shadowserver to fix network vulnerabilities.

These nonprofits are often run by skeleton crews and volunteers, with razor-thin budgets that rely on donations, grants, sponsorships, and other short-term funding that could be pulled at any time.

When these services aren't available to build and protect technical standards, distribute open-source code, directly protect people, and enhance reliability, everyone suffers.

Small businesses, which represent 99.9% of American businesses, are easy targets for cyberattacks. They have limited defenses and less security awareness compared to larger companies. Across many nations, they are among the most prominent victims of threats like ransomware, which is why they rely on free or low-cost open-source tools. To quote cybersecurity expert Wendy Nather, these institutions are below the "Security Poverty Line," and lack either the knowledge to mitigate cyberattacks or the funds to pay for preventative cybersecurity.

Small businesses represent 43.5% of the American GDP. These underdogs employ 61.6 million people and provide critical products and services to communities across the nation.

Imagining the financial and emotional impact of cybersecurity breaches isn't difficult. Recent scandals have shown that Internet disruptions are more than annoying and costly. They can be catastrophic to a person or company's livelihood.

We've seen headlines about the recent massive data breach involving 2.9 billion Social Security records, and the class action lawsuits that followed. There was also the AT&T hack earlier this year that resulted in millions of customers' personal information, including call and text records, being leaked onto the dark web.

Hacks are known to endanger consumers, tarnish a company's reputation, and result in severe financial losses. IBM says the average data breach for a company with fewer than 500 employees costs $2.98 million.

Long-term cybersecurity issues can create negative ripple effects on communities too. Job losses due to operational challenges reduce local spending and increase consumer costs. When companies go out of business due to these challenges, it also hinders innovation.

That's why nonprofits and NGOs providing free and low-cost cybersecurity tools are vital. These resources reduce cyber risks, enabling small businesses to enhance their defenses. NGOs and nonprofits offer more accessible support than private cybersecurity providers, sparking meaningful community impacts. But, these Internet defenders are running out of money.

With a fragile funding model and rising costs, these good samaritans are finding it harder to give back. Here's what you can do to help these NGOs and nonprofits continue equipping small businesses in your community with the tools they need.

Pledge monthly or annual donations to a cybersecurity nonprofit like Common Good Cyber, or another of your choosing. If you don't have the funds for this, consider providing other resources. Volunteering technical contributions–like code and documentation support–can be highly valuable for an NGO grappling with a high-need population on a limited budget. Industry experts can also contribute effectively to an organization's objectives by providing free mentorship to small business owners.

Raising awareness about the value of open-source cybersecurity tools and engaging with policymakers to support these initiatives can also increase funding opportunities. Community engagement through meetups, hackathons, and conferences are a few places where nonprofits and NGOs can benefit from additional marketing exposure that enhances technology adoption.

The more users share their insights, the easier it will be to optimize open-source tools to fight against the growing wave of cybersecurity risks. Small businesses and other organizations with a limited budget are in the eye of this storm, fighting to protect their homegrown ventures against malicious actors.

The entities responsible for protecting the most vulnerable in society and driving economic growth worldwide are among the least capable of protecting themselves. The charities that feed the hungry and treat the sick, and even small hospitals in developed countries, face massive risks.

However, a more secure digital environment is still within reach. Communities once came together to accomplish work that was impossible to do alone: one farmer could not build a barn, but a community of them could do it in a day.

Cybersecurity is like that now: it involves complex problems whose solutions require the whole community to do their respective parts. And such communities need support to advance their common good.

Collective action from the average person or private donor goes a long way in assisting nonprofits and NGOs in delivering cybersecurity tools, services, and platforms at scale.

The Hague, the globe's landmark of peace and justice, hosted NGO leaders, investors, cybersecurity experts, and other changemakers who came together to launch the BEYOND125 Action Plan, which aims to secure the world's digital future through robust cybersecurity frameworks.

If you value accessible and secure online experiences, now is the time to show your support. Attending these events, donating, and raising awareness about the essential nature of open-source cybersecurity tools is an easy way for you to be a catalyst for change.

Philip Reitinger

Philip R. Reitinger, President and CEO of Global Cyber Alliance (GCA), has served in the U.S. Cyber Crime Center, the U.S. Department of Justice, and as a senior executive within Microsoft and Sony. Alongside advisory positions and volunteer work, Philip is advancing cybersecurity measures that protect businesses and consumers.

Stéphane Duguin

Stéphane Duguin, CEO of CyberPeace Institute, humanitarian, entrepreneur, and investigator has spent two decades tracking cybercrime behavior and providing free educational support to vulnerable groups. As a member of several advisory boards, an accomplished author, and a speaker, Stéphane sheds light on criminal innovation in the age of technology.