KCSS publishes the report "Are non-governmental organizations prepared to deal with cyber threats? An analysis of perceptions of cyber security capacity among NGOs in Kosovo"

KCSS publishes the report "Are non-governmental organizations prepared to deal with cyber threats? An analysis of perceptions of cyber security capacity among NGOs in Kosovo."

The report provides an analysis of perceptions within the non-governmental sector in Kosovo regarding the cyber threats that loom in the digital sphere and the need to build NGOs’ capacities to address these threats. 

NGOs are increasingly relying on technology and digital platforms to carry out their activities, including communication, advocacy, capacity building, and fundraising. As their digital footprint continues to grow, so does the risk they are inclined to face. Cyberattacks pose a real threat to the non-governmental sector, jeopardizing the effectiveness and security of NGOs, and potentially, even their existence. 

There is a significant lack of data regarding the primary cyber threats that individuals, organizations, and institutions in Kosovo face. To date, no report or analysis has been published that provides an overview of the main challenges faced by NGOs in the country and identifies the specific needs of the sector for enhancing their cybersecurity capacities to address cyberattacks.

The report published by KCSS aims to fill this existing gap by conducting a baseline assessment of cybersecurity capacities among NGOs in Kosovo. The report is based on a survey consisting of 43 questions conducted with 48 NGOs operating in different municipalities and working across different fields. The survey was conducted in collaboration with an external technology expert and is based on a series of universal cybersecurity indicators for organizations. 

The findings of the report indicate that NGOs in Kosovo face significant challenges in terms of their capacities to identify and respond to cyber threats. The analysis highlights the lack of human and financial resources, expertise, and adequate cybersecurity measures within these organizations to effectively address potential digital threats in the future. The absence of procedures and regulations to assist in managing and preventing cyber incidents, as well as the lack of response mechanisms to incidents, combined with the fact that the majority of respondents have never conducted any form of risk assessment related to digital threats, leaves these NGOs entirely exposed to a range of risks and vulnerabilities associated with the online sphere. Lastly, the lack of staff awareness, exacerbated by the absence of training and awareness campaigns, increases the risk of these individuals’ falling victim of various cyberattacks. This not only results in damage to the organizations, but also impacts the emotional and psychological well-being of staff members. 

Some of the recommendations outlined in the report include the need to prioritize cybersecurity among NGOs through the utilization of various free online resources to develop and enhance organizational cybersecurity measures. Furthermore, the donor community should increase its support for the non-governmental sector to effectively address the issue of cybersecurity, but NGOs themselves should also be more vocal and proactive in advocating for digital security.

The full report in both Albanian and English languages can be accessed through the following link: Report 

This report was published as part of the "Internet Freedom" project, supported by the United States Agency for International Development (USAID).