Understanding Online Harms and the Threat Ecosystem

Online harms encompass a broad and evolving set of behaviours that go beyond what is prohibited by criminal law. This article is part of a “Trust & Safety as Response to Online Harms” series which unpacks the concept of online harms, analyses the threat and response ecosystems, and argues that durable solutions depend on a coordinated, whole-of-society framework.

By Alexander Woon, Provost’s Chair and Lecturer, Singapore University of Social Sciences, School of Law

At a glance

  • Online harms are widespread but poorly defined: They extend well beyond cybercrime and include a broad range of harmful behaviours that fall outside formal legal thresholds.
  • Threat actors are diverse: Online harms can be caused unintentionally by individuals, or deliberately by lone actors, coordinated groups, or professional organisations.
  • Responses require a whole-of-society approach: Governments, technology companies, civil society and individuals all play complementary roles in addressing online harms.

Online harms are among the most urgent problems faced by the modern world. In an era of pervasive internet use, many of us now spend much of our lives online. We work online, play online, socialise online, and conduct commerce online. Despite the amount of time we spend online, the internet remains a relatively recent invention, and many people have yet to develop adequate online safety instincts.

In the physical world, children are often taught from a young age to look both ways before crossing the road. In the online sphere, however, it is unclear that most people possess comparable safety instincts. Weak passwords are commonly used, personal information is freely shared, and misinformation and disinformation are circulated unthinkingly.

This raises a fundamental question: how can societies build a culture of online safety, and who should be responsible for doing so? Addressing this question requires a clearer understanding of what constitutes “online harms” and who is responsible for perpetrating them.

What are “online harms”?

It is easy to think of examples of online harms, many of which now dominate news cycles. Election interference, the circulation of misinformation and disinformation, scams, hacking, cyberbullying and online harassment are familiar phenomena.

Despite their prevalence, however, the concept of “online harms” remains poorly defined. While these examples clearly qualify as harmful, they do not capture the full picture.

A common starting point is to equate online harms with cybercrime. For instance, the Singapore Police Force publishes an annual report on scams and cybercrime. Yet cybercrime is only a subset of online harms. Criminal behaviour represents the most serious form of harm, but it is also the hardest to prove and act upon. Many harmful online behaviours fall short of the legal threshold required for criminal liability. For example, unintentionally circulating false information is not an offence in Singapore, but such actions can nevertheless cause harm.

Criminal law also tends to evolve slowly. Legal frameworks often lag behind emerging forms of online harm. Doxxing — the intentional disclosure of someone’s personal information online to harass or intimidate them — was not specifically criminalised in Singapore until 2019, even though incidents of harmful doxxing were well known long before then.

To understand online harms more fully, it is therefore necessary to look beyond the law. One useful, though far from definitive, reference point is how social media platform providers define and act against harmful content. These platforms are an important barometer because they are where people spend a significant amount of time online, and consequently where exposure to online harms is most likely to occur.

Major platforms adopt broadly similar but not identical approaches. YouTube’s Community Guidelines group issues under headings such as spam and deceptive practices, sensitive content, violent or dangerous content, regulated goods and misinformation. Facebook’s Community Standards address a wide range of issues including fraud, scams, harassment, child safety, privacy violations, cybersecurity, inauthentic behaviour, hate speech and locally illegal content. TikTok’s Community Principles are organised around categories such as safety and civility, mental and behavioural health, integrity and authenticity, regulated goods and privacy.

This non-exhaustive survey highlights two key points. First, there is a rough consensus around many types of online harms. Second, there is no universally accepted definition. Community guidelines are often broadly phrased, leaving significant room for interpretation. What one platform considers “sensitive content” may differ substantially from another, even where similar terminology is used.

The implication is that online harms cannot be understood as a single phenomenon. Rather, the term encompasses a wide range of behaviours that operate in different ways and affect different segments of society.

The threat ecosystem

Given the diversity of online harms, it is unsurprising that the actors who perpetrate them are equally varied. As a general framework, these actors can be grouped into several broad categories.

First, there are individuals who unintentionally cause harm. These include users who, often in good faith, circulate false or misleading information without appreciating its potential impact.

Second, there are individuals who intentionally cause harm. This group includes scammers, disinformation actors, cyberbullies and online stalkers. While the harm is deliberate, its scale is often constrained by the limited reach and resources of a single individual.

Third, there are groups of individuals acting together. Informal groups may coordinate harassment campaigns, online pile-ons, or doxxing-driven attacks. Compared to lone actors, groups are capable of causing greater harm due to their amplified reach and collective effort.

Finally, and most seriously, there are professional organisations dedicated to online harms. These include organised crime syndicates, advanced persistent threat actors, and in some cases state-sponsored cyber operations. At this level, online harms can become sustained, sophisticated and systematic.

The response ecosystem

Facing this diverse threat landscape is a correspondingly diverse set of responders.

Governments play a central role. They have a responsibility to protect their societies from online harms just as they do from physical ones. Governments possess the authority to enact and enforce laws, but legislative and regulatory responses often take time to develop and implement.

Technology companies and platform providers also play a critical role. Large multinational firms such as Google, Meta, TikTok, Microsoft and Apple must protect users while complying with local laws. Although they lack the formal enforcement powers of governments, platforms are often able to act more quickly and upstream, implementing policies and interventions that prevent or mitigate harm before it escalates.

Civil society organisations, academia and non-governmental groups contribute research, advocacy and alternative perspectives. While they lack enforcement authority or direct access to platform controls, these actors help shape norms and inform both public policy and platform governance.

Finally, individuals themselves must not be overlooked. End users are often treated as passive recipients of protection, but personal responsibility remains essential. No system is foolproof. Education and individual vigilance are therefore critical components of online safety.

Understanding who causes online harm and who responds is an essential first step. Yet one emerging function sits at the intersection of prevention and enforcement.

Online harms are complex, evolving and not easily contained within existing legal or institutional boundaries. They span a wide range of behaviours and actors, and require responses that extend beyond criminal enforcement to include platform governance, civil society engagement and individual responsibility. Understanding online harms as a system—rather than a single problem—is therefore essential to building effective and durable responses. As digital environments continue to expand, so too does the need for roles that operate across prevention, moderation and enforcement, helping to translate policy intent into practical safeguards.

Read more in the second part of this Trust & Safety series, as we examine this profession, its role in addressing online harms, and why it is becoming increasingly important.

Cite this article

Wei-Ming, A. J. W. (2026, March 6). Understanding Online Harms and the Threat Ecosystem. Tech For Good Institute. Retrieved from https://techforgoodinstitute.org/insights/perspectives/understanding-online-harms-and-the-threat-ecosystem/
