2026-06-185 min readTwelve years ago this month, Cloudflare launched an ambitious project built on a simple idea: people shouldn’t be knocked offline just because someone more powerful disagrees with them. Today, Project Galileo provides free access to cybersecurity services to more than 3,400 websites belonging to journalists, human rights defenders, and other nonprofit organizations in 120 countries. We continue to believe that a better Internet is one where anyone with an idea can reach a global audience. Each year on the anniversary of Project Galileo, we announce new products, programs, and strategic partnerships. To celebrate our 12th anniversary this year, we’re publishing our first comprehensive report on cyberattacks targeting civil society, releasing case studies that explore the security needs of 16 Project Galileo participants, and announcing new project partners.
Introducing a new annual report on cyberattacks against global civil society
Because Project Galileo now includes 3,400 domains belonging to organizations in over 120 countries, Cloudflare has access to unique data regarding the cyber threats, attacks, and trends targeting civil society — a critical pillar of global democracy. In addition, because the Cloudflare network spans more than 335 cities in 125 countries and more than 20% of the web sits behind it, we were also able to compare attacks targeting civil society with those targeting the Internet more broadly. The full report can be explored here.This year’s data demonstrates that civil society organizations were targeted more frequently, and often more intensely, than other Internet users. Cyberattacks often coincided with critical moments in civil society’s work, such as publishing investigative reporting or conducting public advocacy. Our key findings include: DDoS attacks were the most common cyber threat against civil society. Their defining feature was duration, with some spanning days and weeks.Civil society groups faced attempts to exploit website vulnerabilities at a rate more than seven times higher than other Cloudflare customers. Media organizations were disproportionately impacted.Journalists operating in exile faced a rate of malicious traffic that was nearly four times higher than journalism organizations overall. Nearly 10% of all emails Cloudflare processed for civil society included potential phishing material. We conclude our report with a call to action: ensure simple and affordable cybersecurity for all, expand transparency about cyberattacks and Internet shutdowns, and embed AI and post-quantum protections into security tools by default. We hope this report can serve as a resource for civil society, policymakers, and the broader public seeking to understand and respond to cyberattacks. Moving forward, we plan to produce it annually, allowing us to compare cyber threat trends over time.






