Are Non-Governmental Organizations prepared to deal with Cyberthreats?- An analysis of perceptions of cybersecurity capacities among NGOs in Kosovo

NGOs in Kosovo are increasingly relying on digital tools to conduct their work. From online correspondence via different applications, storing important organizational data on electronic devices and establishing an online presence through social media accounts, they are leveraging technology to streamline processes, improve communication, and engage with stakeholders. However, with the benefits of these digital tools come certain challenges and risks that, if left unaddressed, can undermine the effectiveness and security of NGOs and potentially even threaten their very existence. Malign actors are increasingly using the online sphere to perpetrate malicious activities, including stealing sensitive data, committing financial crimes, spreading falsehoods and hate speech, to name but a few. 

The aim of this report is to provide a analysis of perceptions of key digital threats and digital capacity-building needs of the non-governmental sector in Kosovo. It seeks to fill the existing data gap by conducting an initial assessment of the key challenges faced by NGOs in terms of digital security and identifying their specific needs for enhancing their digital capacity. The report draws on a quantitative survey conducted among 48 NGOs to assess their cybersecurity landscape. The findings reveal that NGOs in Kosovo face significant challenges in terms of their capacity to identify, mitigate, and respond to cyber threats. The analysis highlights a lack of adequate resources, expertise, and cybersecurity measures within these organizations to effectively tackle potential digital threats in the future. 

The lack of procedures and regulations to help guide and govern the management and prevention of cyber incidents and lack of incident response mechanisms, coupled with the fact that most survey respondents had never conducted any form of risk assessment relating to digital threats, leaves NGOs in Kosovo completely exposed to a myriad of risks and vulnerabilities associated with the online sphere. The findings from this report show that NGOs in Kosovo face significant challenges in terms of their capacity to identify, mitigate, and respond to cyber threats. The analysis highlights a lack of adequate resources, expertise, and cybersecurity measures within these organizations to effectively tackle potential digital threats in the future. While NGOs appear to perceive cyber threats to be a real threat to their wellbeing, they are not proactively engaged in addressing and mitigating these risks.

 The findings from this analysis indicate a lack of security culture within the sector. The lack of procedures and regulations to help guide and govern the management and prevention of cyber incidents, coupled with the fact that most survey respondents have never conducted any form of risk assessment relating to digital threats, leaves NGOs in Kosovo completely exposed to a myriad of risks and vulnerabilities associated with the online sphere. Without a concrete incident response plan in place and without designated persons within the organization that are responsible for monitoring and responding to threats, these NGOs are left largely unprepared to handle potential breaches, which is likely to lead to delays, confusion, and inadequate response to cyber incidents. Finally, the lack of awareness among staff, which is exacerbated by the absence of training and awareness-raising campaigns, increases the risk that these individuals become victims of various cyberattacks. This not only causes damage to the organization but also affects the emotional and psychological wellbeing of the staff members themselves.