Civil society refers to non-government groups and institutions that serve public, community, advocacy, charitable, or similar social roles. This includes charities, nonprofits, community associations, unions, religious groups, campaign organisations, and other public-interest bodies. In cyber security, these organisations matter because they often handle sensitive personal data, donor records, advocacy communications, and public services, while operating with limited budgets and small security teams.
That combination makes civil society a practical target for phishing, credential theft, account takeover, website defacement, and disruption. Attackers may seek access to email, volunteer platforms, fundraising systems, or public-facing web accounts, where one weak password or abused recovery process can expose more than expected. Defenders reduce risk with multifactor authentication, least-privilege access, regular access reviews, secure backups, and strong monitoring of public accounts. The term is important because it highlights that cyber risk is not limited to government or business: organisations that support communities can also be high-value targets.



