When Russia physically reinvaded Ukraine in 2022, it also increased its cyberattacks on Ukraine’s critical infrastructure, government, and civilians. The global private and nonprofit sectors quickly helped Ukraine by delivering cyber defense assistance.
This piece explores how mission alignment and preestablished relationships enabled a rapid surge of private sector cyber assistance to Ukraine in 2022 and why maintaining that support as the war endures for over four years has proven difficult. Two barriers emerge—the lack of sustained funding and the lack of feedback loops—which now determine the future effectiveness of Ukraine’s cyber defense ecosystem.
Establishment of Early Support
The first wave of cyber defense assistance to Ukraine emerged naturally: Assisting Ukraine already aligned with organizations’ missions, or Ukraine was a long-standing partner, client, or market.
Cyber Threat Alliance (CTA), a CDAC partner that has been involved since February 2022, described its decision to assist Ukraine as immediate and intuitive. CTA quickly assembled a subset of member companies willing to share their intelligence for Ukraine and built a pipeline to deliver hundreds of thousands of indicators per day to Ukrainian defenders.1
“Part of our mission is to raise the level of cybersecurity across the entire digital ecosystem…[Assisting Ukraine] fit with our mission.”
– Michael Daniel, CEO of CTA
Other organizations already had relationships with Ukrainian recipients before February 2022. CDAC-related cybersecurity training providers have been working with Ukrainian partners on Industrial Control Systems/Operational Technology (ICS/OT) security since 20152. Similarly according to the Atlantic Council’s 2025 November report, Mandiant3, Google, and CrowdStrike had customers in Ukraine since 2014, and Microsoft was already actively building capacity in the country. The existing relationships helped companies quickly provide aid.
Constraints on Continuous Support
Yet, motivations only explain why companies decided to assist quickly, which does not necessarily translate to long-term support. Providers describe two structural constraints that make sustained assistance difficult: first, the practical and financial limits of a largely pro-bono system; and second, the absence of reliable feedback loops to guide and prioritize support.
Constraint 1. Sustaining a Pro-Bono System
With the war lasting far longer than expected, donor fatigue was inevitable and is evident. CDAC’s delivered assistance has been on the decline since 2023. The impulse to help has not faded, but providers highlight that long-term sustainment of such pro-bono assistance is challenging.
First, as CDAC and private sector-led assistance started to decline, international coordination and facilitation mechanisms began to emerge: The IT Coalition—a group of foreign nations dedicated to supporting Ukraine’s Defense Forces’ IT, communications, and cybersecurity— was announced in September 2023. Similarly, the Tallinn Mechanism, an international organization aimed at helping facilitate and coordinate Ukraine’s civilian cyber capacity, was formalized in December 2023. Yet, nearly two years after the establishment of these mechanisms, ways of engaging with them remain complex and confusing, demonstrating the importance of structure and transparency in coordinating funded and sustained assistance.
Second, Western companies are increasingly struggling to justify providing free or near-free support when recipient-enterprises show increased annual profits or announce investments in other areas. This issue is naturally amplified when the donor company’s leadership and shareholders are more focused on the company’s profits and revenue than the operational necessity in Ukraine4.
Constraint 2. Optimizing Assistance
Another commonly cited challenge is the absence of a clear feedback loop. Providers do not know which tools, training, or intelligence streams are meaningful or effective in wartime contexts.
CTA described sending vast amounts of threat intelligence without knowing what Ukrainian analysts were consuming. As Michael Daniel noted, “It’s hard for any organization to articulate what intelligence they need. Doing it in the middle of a war is even harder.” CDAC, together with Columbia University, created a framework to evaluate the effectiveness of cyber defense assistance which highlighted the importance of having a systematic feedback loop to integrate findings into ongoing planning and execution of assistance.
Gentry Lane, CEO of cyber software company Nemesis Global, commented that Ukraine’s defenders, overwhelmed by day-to-day incidents, often find answering the question ‘What do you need?’ difficult5, which puts the burden of proposing a tailored and realistic solution on the providers.
Final Remarks
The past four years show what mission-driven companies can achieve under pressure and how far pre-established relationships can go in terms of assistance delivery. However, simultaneously, such ad-hoc models can be fragile in the face of long-term conflict. Building a sustainable system will require structured and transparent coordination and feedback mechanisms that help donors and defenders prioritize and optimize assistance. Donor’s voices highlight that making assistance delivery sustainable requires the effort of all involved stakeholders—from nations to donor organizations to recipients:
- Nations should create more transparency and structure in international mechanisms that coordinate funded delivery of cyber defense assistance: both recipients and providers should be able to engage with the mechanism as well as understand how requests are prioritized and funds are allocated.
- Donor companies should consider hybrid commercial models as well as innovate ways of gathering insights: companies can deliver discounted assistance or multi-year licensing to Ukrainian recipients who need to prioritize other needs—such as reconstruction from kinetic attacks—over cyber defense. Additionally, innovative ways of gathering insights can help understand the effectiveness of different types of assistance. For example, CTA is developing a tool to measure what users consume. Applied to Ukraine, this innovation could reveal which indicators are downloaded and acted on, providing feedback regarding which intelligence streams are useful6.
- Recipients should attempt to dedicate efforts to providing routinized feedback to donors. Developing a consolidated, prioritized list of requirements to guide future assistance would help relieve the burden of proposing a tailored and realistic solution from providers. Feedback also provides transparency, helping providers understand that the delivered assistance has been consumed as well as is effective and necessary.
If all involved stakeholders collaboratively make the effort to overcome these barriers, assistance to Ukraine can be further sustained, and Ukraine’s hard-earned lessons can bring durable improvements to global cyber defense assistance mechanisms for future conflicts.
This piece is a part of CDAC’s Blue Force Tracker and Conflict Analysis Initiative. Much of the analysis draws on interviews with Naftogaz’s cybersecurity leadership, other engaged Ukrainian and international actors, and CDAC staff.
Written By Yevheniia Yefymoya
Footnotes
- Michael Daniel (Cyber Threat Alliance), interview by CDAC, November 2025. ↩︎
- Private Provider, interview by CDAC, November 2025. ↩︎
- Google acquired Mandiant in 2022 ↩︎
- CDAC Staff insight ↩︎
- Gentry Lane (NEMESIS), interview by CDAC, November 2025. ↩︎
- Michael Daniels (Cyber Threat Alliance), interview by CDAC, November 2025. ↩︎
