Safeguarding aid in the digital age: Embedding resilience in humanitarian response

When a ransomware attack forced the International Committee of the Red Cross (ICRC) to shut down systems supporting its Restoring Family Links programme in 2022, more than half a million vulnerable individuals—including people separated by conflict or disaster—were left in limbo. When unfounded claims circulating on social media delayed the rollout of Ebola vaccines in the Democratic Republic of Congo, the result was not just confusion, but preventable loss of life.

These are not edge cases. They signal a deeper truth: humanitarian operations are now digitally dependent — but not always digitally protected. Cyberattacks, network outages, and the manipulation of public information are increasingly disrupting aid delivery in fragile and high-risk settings. In this new landscape, digital threats are no longer a back-office concern — they are frontline risks. And if left unaddressed, they can derail the speed, scale, and trust that modern humanitarian response depends on.

The expanding digital threat landscape for aid operations

The digital infrastructure underpinning humanitarian response—from biometric registration systems to mobile money transfers and cloud-based logistics—has rapidly expanded. But so has the risk. Aid organisations are now facing a growing spectrum of digital threats that cut across cyber, information, and physical domains.

In Ukraine, cyberattacks have accompanied military operations, targeting not only critical infrastructure but also humanitarian coordination tools. In one case, malware attacks disrupted government services used to verify aid eligibility and access. AWS reported: 

“several situations where malware has been specifically targeted at charities, NGOs, and other aid organizations in order to spread confusion and cause disruption. In these particularly egregious cases, malware has been targeted at disrupting medical supplies, food, and clothing relief.”

In Myanmar, the response to the devastating March 2025 earthquake was severely hindered by military-imposed access restrictions, communication blackouts, and interference with humanitarian operations. According to the UN Human Rights Office, the military has not only blocked aid from reaching affected communities but also disrupted communications infrastructure essential for coordination and delivery. Aid workers have reported the inability to access or verify needs in hard-hit areas, while disrupted digital systems and mobile networks have slowed relief efforts, added to operational uncertainty, and further endangered civilians.

These are not one-off incidents. They illustrate a broader trend: digital volatility is becoming a strategic vulnerability in humanitarian settings. Threat actors—whether criminal groups, hostile states, or opportunistic actors—increasingly exploit humanitarian operations as soft targets. The result is a growing number of crises where operational disruption stems not from logistics challenges, but from digital fragility.

Why digital resilience must be built into aid design

As humanitarian operations become more digital, they also become more exposed. As the earlier examples show, these risks aren’t hypothetical; they’re operational threats with real-world consequences. As such, Humanitarian and donor frameworks are encouraged to treat digital risks as a core operational concern.

When humanitarian actors are caught unprepared, digital fragility can undermine everything from logistics to protection outcomes. Staff safety may be compromised. Beneficiaries may lose access to life-saving support. And donor investments may be delayed or derailed at the moment they are needed most.

To keep pace with this evolving threat environment, digital resilience must be treated as a core design principle in humanitarian planning — not an afterthought.

What a digitally resilient aid system looks like

Resilience in today’s humanitarian context means designing aid systems that can function through digital disruption; not just recover from it. This requires planning that spans beyond technical fixes, embedding digital risk thinking into operations from the outset.

Example elements include:

• Crisis communication protocols: Multi-channel plans to coordinate staff, partners, and communities even when networks go down or narratives shift rapidly.
• Information environment monitoring: Keeping situational awareness of online trends, emerging confusion, or narrative volatility that could impact trust, access, or coordination.
• Securing critical digital infrastructure: Identifying and protecting the platforms, networks, systems, and supply chains essential for aid delivery—including contingency plans for outages or compromise.
• Hybrid threat scenario planning: Integrating cyber, information, and physical risks into preparedness exercises and risk frameworks.
• Embedding digital resilience in tender and grant requirements: Ensuring that expectations for cyber and information security are clearly specified, resourced and proportionate to the operating context.
• Donor support for digital resilience: Providing funding, practical advice and support to humanitarian organisations so that digital resilience does not become an additional unfunded mandate.

As examples of this, PGI has supported peace mediators as they scope, enter and engage with actors in fragile and conflict states. Our work has included activities such as identifying key actors and groups and their postures towards reconciliation; identifying how militant groups are using the online space to target vulnerable groups and incite violence; and identifying and mapping out domestic and foreign actors undermining peace processes. In 2023, PGI provided an assessment of the Sudanese information environment to help our client better understand online drivers of conflict and the roles that certain actors play in influencing conflict. Our research supported their plan of engagement within Sudan. 

By embedding these elements early, humanitarian actors, and the donors who support them, can better ensure that aid operations remain trusted, timely, and effective, even under digital pressure.

Think digitally, plan proactively

In an age of compound crises, digital fragility is no longer a secondary concern. It’s a frontline vulnerability. Cyber threats, infrastructure breakdowns, and information volatility can derail humanitarian operations as swiftly as conflict or natural disasters. Protecting aid today means protecting the digital systems and trust networks that enable it. Donors and multilaterals have a pivotal role to play. 

By mainstreaming digital resilience into funding requirements, programme design, and coordination mechanisms, they can help ensure that humanitarian systems are built to withstand the pressures of a digitally contested world. Proactive investment now—in preparedness, partnerships, and protective systems—can safeguard not only data and operations, but also lives and access when it matters most.

Contact us to talk about how we can support your programme design.