Surfshark
At the International Journalism Festival 2026, cybersecurity took center stage in a panel that brought together journalists and security experts to discuss an uncomfortable truth: the digital threats facing reporters have never been more serious.
Led by Patricia Černiauskaitė, Research and Communications Lead at Surfshark, the session gathered independent journalist Charlie Osborne, TechRadar news editor Chiara Castro, and Surfshark systems engineer Karolis Kačiulis to explore how cybersecurity threats are reshaping journalism — and what can be done about them.
When your doorbell rings at 3 a.m.
For Charlie Osborne, the reality of cyberthreats became personal in the most jarring way possible. “I realized it was a real and dangerous threat when my flat bell was going off at 2:00 and 3:00 in the morning,” she shared. “When the lines between what I was doing digitally and physically blurred, I knew it was an absolute problem.”
As a young journalist early in her career, Osborne found herself the target of a cyberstalker. The experience forced her to relocate and took a toll on both her mental health and work quality.
Her story illustrates a harsh lesson: in the digital age, journalists often learn about privacy and security only after something goes wrong.
The spyware problem democracies won’t talk about
Chiara Castro brought attention to a different but equally troubling threat: state-sponsored spyware. She highlighted the Graphite scandal in Italy, where at least three journalists and four NGO activists from a Mediterranean Sea rescue operation received notifications that they’d been targeted with surveillance software.
“The Graphite scandal is emblematic of why democracies are increasingly getting comfortable using spyware against the press and civil society: a lack of oversight and accountability,” Castro explained.
What you don’t see can hurt you
Modern spyware is designed to be invisible. Karolis Kačiulis explained that while conventional signs of malware — devices heating up, running slowly, or apps opening and closing unexpectedly — used to be reliable indicators, today’s efficient processors make such detection nearly impossible.
“Today’s CPUs are so efficient that it is really hard to notice anything because spyware is basically a really simple program,” Kačiulis noted. “Instead of relying on signs, you need meticulous attention to detail regarding how you use your devices and what you use them for.”
Most hacks, he emphasized, happen through social engineering — targeting human psychology rather than exploiting technical vulnerabilities.
Practical steps you can take tonight
The panelists closed with concrete advice that anyone can implement immediately:
Change your passwords and audit your social media
Kačiulis recommended rethinking your relationship with social media entirely, identifying contacts who overshare information that could compromise your security, and reconsidering what you keep on your feeds.
Review what’s on your devices
Castro suggested examining the sensitive data stored on your phone or computer. If it doesn’t need to be there, delete it and move it to a physical, encrypted storage device instead.
Investigate yourself
Osborne recommended spending 30 minutes searching for your name online and using services like Have I Been Pwned to see which data breaches may have exposed your information.
Why this matters
The panel made clear that cybersecurity for journalists isn’t a technical issue — it’s a press freedom issue. When reporters can be surveilled, stalked, or compromised, their ability to hold power accountable diminishes.
Watch the full panel discussion below to hear more insights from the experts on protecting yourself in an increasingly hostile digital landscape.
