About the opportunity
What this programme is offering
Digital and cyber threats are rising in frequency and sophistication, with disproportionate impacts on vulnerable communities and underserved regions where digital defenses are weakest. High-risk actors, including NGOs, journalists, human rights defenders, and dissidents, face targeted activity that can reach across borders in the online information environment.
The nonprofit cybersecurity ecosystem plays a vital yet under-recognized role in countering these threats, mitigating harm, and defending online civic space. However, this ecosystem remains severely underfunded and overstretched, leaving community actors and vulnerable populations exposed to escalating digital cyber threats.
The Common Good Cyber Fund is designed to strengthen this ecosystem by supporting the nonprofits who provide these critical services. An initial pilot program was initiated in late 2025, which provided a proof of concept for an open call for applications launching in June 2026.
CGCF Program Objectives
The Common Good Cyber Fund seeks to fund nonprofits across the globe whose work supports the following objectives:
Objective 1: Maintenance of critical cybersecurity infrastructure.
Objective 2: Delivery of scalable support to secure Internet users from digital harm,
Objective 3: Advancement of a safer Internet for vulnerable groups and high-risk communities, including civil society and journalists.
The descriptions below provide additional detail on what the program objectives look like in practice. Applicant organizations’ work may span more than one of these objectives, but proposals must indicate the primary objective their work aligns with in their application.
Objective 1: Maintenance of Critical Cybersecurity Infrastructure
This program objective supports the Internet’s shared security “plumbing”, the technical services and operational capabilities that many organizations rely on, but few can fund on their own. Strong proposals deliver durable improvements that reduce risk beyond a single organization or community and are designed to keep working after the grant ends.
Examples of work supported under this objective can include:
internet infrastructure protection, including DNS security, routing security, secure defaults, and other widely deployed controls
large-scale threat detection and analysis, including noncommercial threat intelligence that can be shared responsibly
response-enabling services that help others act faster, including tooling, coordination, automation, and operational support
maintenance and improvement of security-relevant open systems where long-term upkeep is the primary constraint
Objective 2: Delivery of Scalable Support to Secure Internet Users from Digital Harm, Including State-Directed Cyber Activity and Digital Transnational Repression
This program objective funds capabilities that protect people and organizations facing persistent digital threats, including state-directed cyber activity and digital transnational repression (DTNR). It prioritizes approaches that help high-risk users prevent compromise, respond quickly, and recover safely.
Examples of work supported under this objective can include:
rapid response and incident assistance for civil society and independent media, including account takeover recovery, device triage, and secure restoration workflows
threat-informed hardening and secure onboarding for high-risk users, including safer email and endpoint practices, multi-factor authentication (MFA), account recovery, backups, and secure communications, tailored to real attacker tradecraft
protective service delivery at scale, including managed support models, “clinics,” remote assistance, and regional responder networks that can handle volume without lowering quality
privacy-preserving coordination and information sharing that surfaces patterns and actionable indicators without exposing beneficiaries or partners
This objective also recognizes that targeted digital harm is not evenly distributed. DTNR and related campaigns can include gendered tactics, including sexualized harassment and smear campaigns that disproportionately target women in public-facing roles.
Objective 3: Advancement of a Safer Internet for Vulnerable Groups and High-Risk Communities, Including Civil Society and Journalists
This program objective supports work that translates operational insight into safer outcomes for vulnerable groups and high-risk communities, including civil society and journalists. In this program, advocacy is eligible when it is tightly connected to security outcomes, such as adoption of safer practices, improved protective mechanisms, and stronger coordination that reduces exposure to harm.
Examples of work supported under this focus area can include:
evidence-based policy or standards work grounded in operational threat realities, aimed at concrete improvements in protective practice, platform safeguards, or security defaults
responsible vulnerability and abuse reporting pathways, including coordination that improves how threats are surfaced and mitigated without increasing exposure for targets
norms and coordination mechanisms that improve ecosystem response, such as incident coordination protocols, trusted escalation channels, and shared approaches to protecting at-risk groups
Eligibility and Selection Criteria
CGCF supports nonprofit organizations whose work aligns with the Fund’s objectives and who provide cybersecurity infrastructure and/or direct services for high-risk digital actors.
In 2026, CGCF expects to prioritize organizations capable of ecosystem building, especially those based in the global majority, or those with the capacity to regrant to smaller organizations working in the global majority. Organizations who demonstrate a history of addressing issues of gender equity, including technology-facilitated gender-based violence (TFGBV), will be additionally prioritized when applying for grants aligned with Objectives 2 and 3.
How to apply