Research Brief

Who Targets Civil Society and Why? Drivers, Perpetrators, and Gendered Dimensions of Cyber Threats in Southeast Asia

CSOs and WCSOs in Southeast Asia face cyber threats driven by ideological opposition, state actors, and financial motives.

Publication Date
1 Jul 2026
Authors
Elena Piccinelli Jaimee Stuart
Download PDF

Civil society organizations (CSOs) comprise a diverse group of entities that aim to fill critical gaps in services, support, and advocacy for citizens where needs are not met by governments and businesses. In a world where information and communication technologies (ICTs) are increasingly integrated into all aspects of life, research finds that CSOs are utilizing technology to meet their missions, to facilitate outreach to citizens and donors, to deliver services, and to enable public awareness campaigns. To this end, digital technologies have been found to positively transform the working conditions of CSOs by increasing efficiency, enabling greater reach and impact, reducing workload, supporting more effective planning, and increasing digital literacy. From information sharing to data management and operations, digital technologies can act to simplify and streamline functioning as well as open access to knowledge and communication channels, which are critical for CSOs who often work in resource-constrained contexts or with hard-to-reach communities. However, as these organizations have grown more dependent on digital tools, their exposure to cyber threats has expanded in parallel, often without a commensurate increase in the resources, skills, or protections needed to manage the novel risks posed by digital technologies.

Cyber threats broadly refer to incidents that have the potential to cause harm to individuals, organizations, and entities by infiltrating technological systems and exploiting the ways in which they are used for the benefit of perpetrators. Cyber threats are wide ranging and span from technically oriented attacks such as hacking (i.e., the attempt to gain unauthorized access to or control over a computer) and malware (i.e., malicious software designed to compromise or breach data), to threats that leverage psychological manipulation such as phishing (i.e., communications designed to trick people into falling for a scam), and those that use social tools and platforms such as and online harassment, trolling, and disinformation. The objectives of and harms caused by cyber threats are diverse; some are specifically aimed at stealing data, whether for harassment (e.g., doxxing) or financial gain (e.g., ransomware), and others are aimed at undermining a person or their cause, silencing or delegitimizing a victim, or spreading false and malicious information.

Recent research highlights that CSOs are at a high risk of all types of cyber threats. The frequency of these incidents varies, with some facing these daily and others encountering them on a monthly or annual basis. Furthermore, in some contexts, the civil society sector operates under conditions that create specific and compounding vulnerabilities in managing these threats. Specifically, organizations are typically resourceconstrained, with limited capacity to invest in cybersecurity systems, training, or personnel. They handle sensitive data about vulnerable populations, including survivors of violence, activists in politically repressive environments, and other individuals whose information is of significant value to hostile actors. Additionally, in some countries, the political environments range from ambivalent to hostile towards the work of CSOs. Notably, in several Southeast Asian countries, governments have used cybercrime legislation, surveillance, and disinformation as tools to monitor, discredit, and suppress civil society activity. 

Of critical importance, there is increasing evidence to suggest that CSOs who have an explicit commitment to advocating for women’s rights and promoting gender equality (i.e., women CSOs/WCSOs) are even more likely than CSOs to be targeted by cyber threats, and these threats tend to be gendered or sexualized in nature, such as online sexual harassment, stalking, intimate image-sharing, and sextortion. This reinforces findings from international research showing that women and women advocates in public life such as journalists, human rights defenders, politicians, and feminist activists are disproportionately affected by online violence and misogyny that seeks to undermine efforts at equality and silence women’s voices and gender equality discourse from civic spaces. 

In a recent project with both CSOs and WCSOs across Southeast Asia, WCSOs were found to face gendered and sexualized online harassment, trolling, doxxing, impersonation, and cyber-bombing at higher rates than CSOs. The research also found that despite being largely aware of these risks, WCSOs were not necessarily able or ready to prepare for or actively recover from cyber threats. In this context, where patriarchal norms remain deeply embedded and where advocacy for women’s and girls’ rights is frequently characterized as politically or culturally subversive, these dynamics take on particular intensity. Therefore, WCSOs face a multilayered threat: they share the cybersecurity vulnerabilities common to many other CSOs, while simultaneously being targeted for their focus on gendered issues.

The prior research points towards a concerning reality for both CSOs and WCSOs, that even though digital technologies offer many benefits to support their work, they also open the possibilities of cyber threats. What is still unknown, however, is why these attacks and who is perpetrating them as understood by CSOs themselves. Perceptions of the perpetrators and their motivations carry practical significance for how organizations understand their cyber risk and calibrate their responses, and ultimately contribute to shaping policies that accurately reflect the reality of these organizations and can address their cybersecurity needs.