At the CyberPeace Institute, our experience working with humanitarian non-governmental organizations (NGOs) to build cyber capabilities to protect their operations, data and resources shows that cyberattacks against the sector are on the rise.
World NGO Day (27 February) is an international day dedicated to recognizing, celebrating and honoring all NGOs and nonprofit organizations, and the people behind them who contribute to society all year round. On this day, the CyberPeace Institute – an NGO itself – is drawing attention to the need to protect NGOs from cyberattacks.
As a society we must not become immune to cyberattacks, accepting them as the negative side of today’s growing online presence. Each cyberattack chips away at our trust and affects us either on an individual basis – because we were directly affected – or across society as yet another cyberattack is disclosed that affects organizations we rely on for healthcare, transport, energy, etc.
When NGOs are attacked, men, women and children who are already vulnerable and in need of food, water, shelter, healthcare, etc. are placed at even greater risk. Beneficiaries of humanitarian NGOs have already reached the limits of their coping mechanisms and are reliant on aid, due to war, disaster and other complex emergencies.
Cyberattacks are costly, and divert resources away from other activities – in the case of humanitarian NGOs this can have real consequences for the ability to deliver programs for people in need. We must not be deluded by the fact that we cannot “see” cyberattacks: they are attacks on people, not technology.
Identifying the harm to people
The moment a cyberattack against an organization is discovered is the moment when priorities have to shift and the focus has to be on identifying the harm to people, restoring disrupted systems and putting in place new measures to reduce the risk of future attacks. This is work that takes weeks and months, not days.
Cyberattacks are increasingly sophisticated, and identifying and responding to them is not a straightforward endeavor; it takes skilled resources. Cyberattacks damage trust with stakeholders. Cyberattacks harm the psyche of people, as staff are operating in crisis mode for weeks to try to manage the impact of a cyberattack.
Any cyberattack against the humanitarian sector is shocking – take the recent example of the cyberattack against the International Committee of the Red Cross (ICRC) restoring family links program, which is still disrupted more than one month after the cyberattack. This is a service that meets one of the most basic humanitarian needs – to know the fate of and reconnect families who have been torn apart by war, migration and disaster. The transparency that the ICRC demonstrated in publishing information about the disruption caused by the cyberattack is important because people’s lives are affected. The harm that such attacks cause is immeasurable and will have an impact for decades to come.
The attack affecting the ICRC made media headlines, yet it is not alone.
In May 2021, New Zealand’s largest volunteer agency in international development, the Volunteer Service Abroad (VSA), was hit by a ransomware attack that encrypted vital information in its data systems, some of which was lost as a result. The VSA refused to pay the ransom and has since recovered from the attack and put measures in place to prevent a recurrence.
A Philadelphia food bank was hit by a US$ 1 million ransomware attack in December 2020 at a time when 5.6 million Americans were dependent on food handouts due to the Covid-19 pandemic.
CEO fraud cost Save the Children US$ 1 million in 2018, and caused Roots of Peace a total loss of US$ 1.3 million in 2020.
Aggregating cyberattacks against NGOs
One cyberattack against humanitarian NGOs is too many. However, when you start to aggregate these attacks you can see the extent of the targeting of this sector.
The CyberPeace Institute has been aggregating data on cyberattacks against humanitarian NGOs and will soon launch the Cyber Incident Tracer (CIT) #Humanitarian to raise public awareness of the proliferation of such attacks and insights gained. This interactive online platform tracks the threats to and harm caused by cyberattacks on NGOs and their beneficiaries.
The collection and analysis of data on cyberattacks against the humanitarian sector helps to provide preliminary indications of the scale and impact of such attacks. This is vital to efforts to put a stop to cyberattacks against the humanitarian sector.
This builds on the experience gained through the Cyber Incident Tracer (CIT) #HEALTH platform launched in 2021 to document cyberattacks on the healthcare sector. The data in this platform is already being leveraged by other organizations to inform policy discussions and practices.
Call to end cyberattacks against NGOs
The cyberattack against the ICRC must be a catalyst for change. At the CyberPeace Institute we call for greater protection from attack for the humanitarian sector, recognizing the increasingly digital nature of humanitarian response and the harm that can be caused to people already made vulnerable by conflict, violence and disaster. The time for change is now.