Community organizations, including hospitals, schools, utilities, and municipal governments, continue to face increasing threats from cyberattacks despite their limited resources. Cybersecurity experts now advocate for a coordinated support system, stressing that collaboration with government agencies and private sector partners can help fill the gaps left by these organizations’ constrained budgets and lack of specialist staff. Calls for action highlight the need to prevent essential services from being jeopardized by insufficient digital protections. Such efforts seek not only to protect data, but also to ensure the stability of public infrastructure. The landscape of attackers constantly evolves, motivating further examination of how these community organizations can be empowered to withstand digital risks.
Earlier recommendations often focused on improving internal cyber hygiene or offering basic training for staff at these organizations. However, recent incidents such as ransomware attacks on hospitals and schools have shown that high-level threats can quickly overwhelm local capabilities. Reports in the past emphasized the vulnerability of so-called “target rich, resource poor” entities without offering scalable solutions. Growing evidence now suggests that coordinated involvement from external volunteers for cybersecurity response is essential, especially as the frequency and sophistication of attacks increase.
Why Do Community Organizations Need Help?
Community organizations serve as vital parts of national infrastructure but lack the cyber defenses that larger entities employ. They often operate with limited IT staff and do not have the capacity to develop or maintain robust cybersecurity systems. As a result, these groups have become preferred targets for ransomware operators and malicious foreign actors, who recognize the critical nature of their operations and the low barriers to attack. The CyberPeace Institute recorded approximately 43,000 cyber incidents affecting these organizations over a two-year span, underscoring the urgency of developing a more resilient approach.
How Can Private Sector and Government Partnerships Assist?
The need for wider partnerships is evident in calls to expand volunteer cyber programs and develop shared security services for smaller organizations. Technology manufacturers are encouraged to produce software and hardware that is easier and safer to use, reducing the onus on under-resourced buyers. Some states are already experimenting with centralized security services to help local entities, reflecting steps previously taken by federal agencies such as the Department of Homeland Security. Efforts to rally cyber volunteers, such as the new cybervolunteers.us platform, aim to connect those needing assistance with those able to offer it.
What Challenges Remain for Organizing a Volunteer Effort?
Setting up large-scale volunteer support poses organizational hurdles: matching skilled experts to local agencies, maintaining ongoing relationships, and building cyber expertise that endures beyond temporary interventions. The University of California Berkeley Center for Long Term Cybersecurity, in partnership with the CyberPeace Institute, leads the Cyber Resilience Corps to address these issues. However, logistical difficulties in volunteer recruitment and retention persist, as many volunteers are scattered and organizations in need struggle to locate them.
“We don’t even know who else is out there; organizations in need don’t know how to find us,”
said Ann Cleaveland, executive director of CLTC, capturing a common refrain among cyber volunteer groups.
Efforts to unite organizations and volunteers have gained traction as leaders in cybersecurity openly acknowledge limitations in the current system. Sarah Powazek, program director at CLTC, recognized that leaving smaller and rural organizations to defend themselves is no longer viable, especially as state-backed adversaries become more aggressive. Strategies to address these obstacles include building long-lasting community-based cyber competencies and increasing the visibility and coordination among cyber volunteers nationwide.
Expanding support for community organizations requires genuine collaboration between government, private enterprise, and skilled volunteers. Without scalable, collective solutions, resource-poor but essential groups will remain susceptible to disruption. Implementation also depends on manufacturers designing secure products by default and the public sector setting up accessible shared services. Enhanced coordination can reduce response times to incidents, foster mutual aid networks, and support trainings that address the unique challenges faced by local institutions. For readers involved with these organizations, identifying reliable partners and advocating for systemic outreach are actionable steps that could help close critical gaps in cybersecurity readiness.
