Journalists & Cyber Threats

How can we better ensure the digital security of the press and protect against cyber threats?

Download Quick Read

TL;DR

Widespread cyber threats to journalists and sources Journalists and their sources face a range of digital attacks globally — spyware, malware, surveillance, phishing, ransomware, and DDoS attacks. These threats are coming from state actors, powerful individuals, corporate entities, extremist groups, and criminal networks.

Serious consequences for safety, trust, and journalism practice These digital threats risk physical safety, privacy, and mental health of journalists. They also undermine whistleblower protection and source confidentiality, which in turn erodes public trust. Journalists’ capacity to report freely — particularly on sensitive topics — is constrained.

Inequality in capacity to defend against threats News organizations in wealthier, stable, “Western” settings are generally better resourced and more able to adopt protective technologies and secure practices, while smaller, independent, freelance, non-Western, or exiled journalists often lack the means.

Legislation is growing but has gaps and risks Many countries have enacted cybercrime or digital security laws, but these often use vague or broad definitions, lack sufficient safeguards for press freedom, may force tech intermediaries to hand over private data, or curtail useful tools like encryption or VPN usage. Some laws intended to protect national security or public order can be used to target journalists instead.

Need for collective and multi-stakeholder solutions Protecting journalists requires coordination among policymakers, platforms/ tech companies, news-organizations, civil society, and researchers. Key strategies include clearer and narrowly-drawn legal protections, promoting information security culture in newsrooms, training and tools for digital security, secure communication methods, and better data and empirical research to track threats and responses.

Table of Contents

CNTI’s Assessment

The digital security of news organizations, journalists and their sources is under threat in many parts of the world. Digital security attacks can range from spyware, account hacking, distributed denial of service (DDoS) and malware, among many other threats. These threats, in addition to their intrusive nature, can also violate journalists’ sense of safety and security, creating a chilling effect and harming the broader information environment.

Policy deliberation: At the governmental level, it is important for policymakers to recognize the very real threats impacting journalists and sources and ensure that digital policy initiatives protect them. However, at the same time, these policies must not threaten freedom of expression, basic privacy rights or encryption and virtual private network (VPN) protections. Additionally, it is often governments that are using spyware against journalists. Governments must not surveil journalists or sources but instead foster an environment that encourages free speech.

Professional support: News organizations must proactively educate their journalists and other staff on cyber threats and provide support for those who are targeted. Journalists need to adopt strong digital security practices, such as multi-factor authentication and basic digital hygiene. Additionally, by sharing experiences of cyberattacks, journalists and news organizations have the opportunity to learn from each other and reduce the impact of these events.

Government: While technology companies can establish and protect human rights and privacy safeguards, they also must navigate challenging state demands. At times, governments pressure companies to provide private data and other information on their users, sometimes through legislation. Although this data may help governments with national security issues, there is a difficult balancing act, as complying with these state demands can also facilitate governments’ abuses of power, and refusing to comply can result in bans or market losses. Technology companies need to ensure that working with governments to protect people does not put fundamental rights at risk.

The Issue

Journalists and their sources face digital security threats globally from a variety of actors, including states, corporations and criminal organizations. As cybersecurity concerns evolve and become a part of everyday life, they are becoming a critical concern for policymakers: as of 2025, 90% of countries have enacted cybercrime legislation.

These threats can take a variety of forms. Malware is a broad term for malicious software designed to disrupt systems, steal data or gain unauthorized access. Spyware, a type of malware, is designed to enter and steal data from a computer system to a different party.  Ransomware is a different kind of malware that encrypts the victims’ files, making them inaccessible. Often, attackers will demand a ransom in exchange for restoring access. Phishing attacks use fraudulent messages through email, SMS or other methods to trick individuals into revealing sensitive information like passwords or financial information. Distributed denial-of-service (DDoS) attacks overwhelm a website or server with a flood of traffic from multiple sources and cause it to slow down or crash, making it unavailable to most users. In man-in-the-middle attacks (MitM), perpetrators intercept communication channels to capture sensitive information. Social engineering attacks exploit publicly available personal information or information gathered through deception and manipulate users into providing unauthorized access. 

Digital threats are often linked to physical threats and can result in significant mental health concerns for journalists. This connection highlights the critical need for a holistic approach to security for journalists and news organizations. Governments’ use of spyware and “lawfare,” the weaponization of legal systems against journalists, further complicates the landscape. Beyond the safety risks, digital security challenges can damage public trust in the news media. Cyberattacks can disrupt operations and business models, driving away audiences. A lack of digital security training, especially in smaller newsrooms, can cause sources and whistleblowers to fear being unintentionally exposed. These threats are difficult and expensive for news organizations to manage alone, making collaboration among policymakers, tech platforms and civil society essential to protecting a free press.

What Makes It Complex

The effectiveness of cybercrime policies depends on how “cybercrime” is defined. There is no internationally accepted definition of cybercrime or cyberattacks. Some policies may include crimes dependent on the use of technology, crimes facilitated by the use of technology, or both. The definition can also be based on the seriousness of the crime or the type of case. Too broad or ambiguous a definition raises the potential for abuse of government power and can negatively impact journalists’ safety, freedom of expression and human rights. Due to the limited existing case law, it is unclear how cybercrime laws apply to the spyware industry, which poses threats to press freedom. Furthermore,  the term “cybercrime” must adapt as technology, such as AI, continues to evolve.

Digital policies sometimes lead to unintended consequences that impact the digital security of journalists and the general public. When creating digital policies, lawmakers must be careful not to inadvertently create new vulnerabilities or undermine existing protections. Certain policies, such as laws passed under the guise of protecting national security, can weaken digital security by making it easier for spyware to be deployed against journalists. Other measures may compromise the integrity of end-to-end encryption, a tool that helps keep communications private and is an essential part of press freedom. Additionally, policies that restrict or ban the use of VPNs directly endanger journalists who rely on these tools to bypass censorship, protect their IP addresses and conduct sensitive research. 

Policymakers must recognize and address these potential cyberthreats. Ensuring that new regulations do not create loopholes for surveillance technology, weaken encryption or limit access to essential security tools can help fortify the digital security of the independent press.

Governments and non-state actors are using spyware to surveil and intimidate journalists. The use of spyware against journalists represents a serious threat to the free flow of information and the safety of journalists. Recent incidents in countries like Poland and Italy illustrate the real-world danger of this technology and demonstrate that it is not limited to authoritarian contexts. The technology has the ability to infiltrate a target’s entire digital life without their knowledge. Journalists may be left with the uncertainty of whether their device has been compromised, a fear amplified by “zero-click attacks” where receiving a message is enough to infect a phone. The constant threat of surveillance fosters a climate of fear, creating a chilling effect on reporting. When journalists are afraid their sources will be revealed or their private communications censored, they may self-censor to avoid covering sensitive topics.

The ability to mitigate digital security risks differs across countries and across newsrooms. Despite the need for robust digital defenses to protect journalists, the widespread adoption of digital security tools remains low. A major factor is the significant lack of resources, funding, and technological infrastructure. Many news organizations, especially those in developing regions, do not have the budget to invest in security software, hire cybersecurity experts or maintain up-to-date hardware. The complexity and the lack of user-friendly technologies are another deterrent.

This problem is particularly pronounced in environments with unevenly developed infrastructure, where systems may be a patchwork of old and new technologies. This lack of a cohesive, modern foundation makes it difficult to implement and manage a comprehensive security strategy, leaving holes that cybercriminals can easily exploit.

Journalistic practices and norms can, at times, be in tension with digital security practices. Journalism is inherently public-facing and accessible, giving rise to high risk for those in the industry. Cybersecurity attacks can take many forms, including doxxing, man-in-the-middle attacks and online harassment. Journalists become even more vulnerable when their contact information is easily accessible online, such as  through social media. At the same time, removing such information is fundamentally at odds with newsroom efforts around audience interactivity and engagement.

CNTI’s own research has found that journalists do not always feel supported by their newsrooms when it comes to digital security. However, there are ways to improve this environment. It is important that news organizations implement policies and provide training and psychological support so their employees are better equipped to handle these situations. Journalists themselves need to adapt their technology habits and use available security tools.

State of Research

In the wake of prominent attacks and among a growing concern about AI’s broader threats to journalism, academic and public attention to the impact of cybercrime, ransomware and spyware on journalists has increased.

Research has depicted the unique threats of digital surveillance to investigative journalists and marginalized people and communities, including women, queer and gender-nonconforming people, and people of color. As noted earlier, there is a relationship between journalists’ digital presence and offline safety.

This research speaks to the global nature of digital security threats to an independent press. Future research should continue to examine how journalists, technology companies, researchers and policymakers can collaborate to defend against these threats, by tracking trends and sharing practices.

Notable Studies

  • Journalists Who Face High Risks Require Better Security Practices to Provide News

    Center for News, Technology & Innovation (2025)

    Summary: Based on a survey of journalists conducted in 2024, this report shows that journalists who face high risks say their sources do too. These journalists are not receiving higher levels of support from their news organizations than those facing low risks.

    CNTI’s Takeaway: The study shows that there is a gap between the experiences of journalists and organizational response. As a result, there is an opportunity for news organizations to increase engagement on these issues and help journalists work more safely and effectively.

  • Security: One-in-Three Journalists Regularly Face Serious Risks, but Their Level of Preparedness Varies

    Center for News, Technology & Innovation (2025)

    Summary: Based on a survey of journalists from 60 countries, this study finds that journalists face significant harassment threats. Those who frequently face high levels of risk feel more prepared to address them. The survey reveals that journalists in autocracies are more likely to say they are prepared to address security threats than those in liberal democracies. 

    CNTI’s Takeaway: The study shows journalists all over the world and under different kinds of governments feel that they are at risk. Despite growing risks, journalists are not always taking cybersecurity precautions recommended by experts, giving room for growth at the journalist and organizational level.

  • Dealing with the Black Box: European Journalists and the Threats of Spyware

    Digital Journalism (2024)

    Summary: This paper’s author interviewed technologists and journalists about the threats spyware poses to the practice of journalism. They found that the technology’s untraceability and the amount of damage it can do has detrimental impacts on the journalists themselves and the information environment as a whole.

    CNTI’s Takeaway: As researchers and policymakers consider new ways to address digital threats, it is important to consider how cyber policy can uniquely impact or benefit marginalized communities.

  • First be safe: Exploring and improving journalists’ skills in digital security

    Journalism (2024)

    Summary: Using an action-innovation model for research, the authors found that journalists lack competency in dealing with cyberthreats and have limited in-house communication. Additionally, they found the research process was mutually beneficial for the participants and the researchers. After the surveys, the researchers gained knowledge from the journalists, and, in turn, the journalists received tailored training on how to address cyberthreats.

    CNTI’s Takeaway: Practice-oriented research structures can provide important context and a nuanced understanding of the quickly evolving and nuanced topic of digital journalism, a topic whose influence can vary by region and context.

  • Electronic surveillance and Australian journalism: Surveillance normalization and emergent

    Digital Journalism (2023)

    Summary: This paper considers the threats Australian electronic surveillance laws pose to the privacy rights of the public, journalists, and their sources. The authors note the negative impacts surveillance laws have on sources’ willingness to share information, whistleblowers’ ability to maintain confidentiality and journalists’ attitudes toward, and practices around, digital security.

    CNTI’s Takeaway: While this paper focuses specifically on the Australian legal context, the authors propose a useful dual-pronged approach to tackling digital surveillance threats in journalism: through legal reforms and by fostering strong long-term information security cultures within newsrooms.

  • Silenced by Surveillance: The Impacts of Digital Transnational Repression on Journalists, Human Rights Defenders, and Dissidents in Exile

    Knight First Amendment Institute (2025)

    Summary: By interviewing 80 human rights defenders, journalists, and other members of civil society in the diaspora or exile, the authors analyzed the impact of digital transnational repression on individuals’ ability to engage in activism. The report found that the threat and action of digital transnational repression leads to self-censorship, withdrawal from advocacy and the erosion of a variety of human rights.

    CNTI’s Takeaway: This report takes an important look at the role of digital transnational repression such as surveillance might impact journalists. The authors highlight the difficulty in regulating this issue at the state level and how AI might exacerbate this problem further.

  • Weaponising the law: Attacks on media freedom

    Thomson Reuters Foundation & Tow Center for Digital Journalism (2023)

    Summary: Cybercrime, including cyber libel, is identified as one of eight key legal threats to independent journalists around the world.

    CNTI’s Takeaway: This work illustrates two critical elements of digital policies: definitional clarity (i.e., ensuring laws are clearly worded and not too broad or narrow) and specific oversight processes and safeguards.

State of Legislation

Cybercrime has become a growing concern among policymakers in many parts of the world. However, cybercrime policy does not always account for — and at times directly threatens — the digital safety of journalists. Often, cybercrime policy efforts are led by countries’ security or banking sectors, leading to policymaking that may be at odds with international standards for press freedom and privacy. Research has found that many cybercrime laws can be used to target journalists, thus threatening an independent press and free expression.

Over the past two decades, legal frameworks established to protect an independent press and the confidentiality of journalistic sources and information have been threatened in many parts of the world. New legislation and policies, including national security legislation, override and/or contradict existing protections. Other policies pressure or force digital intermediaries to provide private user data. When legislation does not adequately account for new digital data or new technological tools used by journalists and sources, it cannot provide them with necessary legal protections. Thus, forward-thinking policymaking is critical.

Finally, it is critical to have open legislative processes around cybercrime or cybersecurity at both the supranational and national levels so that the voices of the news media, journalists and civil society more broadly are taken into account from the start.

Notable Legislation

  • European Union

    Entered into force in 2024, the EU’s Cyber Resilience Act aims to bolster European protections against cyberattacks by placing higher standards on the level of cybersecurity for software and hardware products with a digital component on the EU market. It introduces mandatory cybersecurity requirements for manufacturers and retailers and they will apply to all products connected to another device, with some exclusions. Additionally, the European Media Freedom Act helps protect journalists and their sources by banning states from using surveillance tools against journalists and their sources, with a few exceptions.

  • Jordan

    In 2023, Jordan passed the Cybercrimes Law amending the previous version passed in 2015. The new law expanded the scope of the offenses, allowing the public prosecutor to prosecute without a personal complaint if the offense is related to governmental figures, and introduced harsh penalties for offenses such as “spreading fake news,” “threatening societal peace” and others. Between August 2023 and August 2024 hundreds, including journalists, have been charged under this law for social media posts.

  • Myanmar

    Myanmar’s Cybersecurity Law No.1/2025 came into effect in July 2025. It requires ministry approval for VPNs, a tool that encrypts  internet traffic and enhances online security, which can be vital for journalists reporting in hostile environments, and requires digital platforms with over 100,000 users to register for a license with the government. The law outlines different penalties, such as imprisonment or fines, for different cyber offenses.

  • Nigeria

    In 2024, Nigeria amended its Cybercrimes Act, which had previously criminalized a wide range of online speech, to only include messages that are pornographic or knowingly false. However, journalists continue to be arrested and prosecuted under the Act despite these amendments.

  • Türkiye

    Türkiye’s Cybersecurity Law No. 7545 came into force in March 2025. It aims to protect public institutions, individuals and the private sector from cyber threats. Some experts worry about the law’s impact on digital rights and media freedom. The Media and Rights Studies Association concluded that the law has the potential to act as a new form of censorship for the authorities.

  • United Nations

    In December 2024, the United Nations Convention against Cybercrime was adopted. While intended to help countries share information on such crimes, autocratic governments have sought to broaden the scope of cybercrime, which could curtail an independent press and free expression. Experts have noted concerns that a flawed treaty may empower human rights abuses and authorize broad cross-border surveillance.

Issue primers have been reviewed at multiple stages by more than 20 global research and industry expert partners, including CNTI advisory committee members, representing five regions. We invite you to send us research, legislation and other resources. Read more about CNTI’s issue primer and other research quality standards.

Download PDF

Share