How to prevent 200+ NGOs in The Hague from shutting down after a cyberattack

Type: Behind the story
Topic: Cybersecurity
Publication date: 4 Oct

Imagine the Red Cross or another NGO, having received millions of aid donations after an earthquake, hurricane or other disaster, being attacked by cyber criminals. All computers down. No aid possible until the ransom is paid. Disastrous. The CyberPeace Institute helps NGOs all over the world fend off cyberattacks and build their cyber resilience. From now on, all 200+ humanitarian NGOs in The Hague can join its programme for free.

No ethics among cybercriminals

Why? They have sensitive data on vulnerable people and often a low level of cyber security. “They are being attacked from all directions, becoming targets of both criminals and state actors”, says Stéphane Duguin, CEO of the CyberPeace Institute. “If you are a criminal, you do this for the money. As soon as there is a crisis or a disaster, NGOs suddenly are very rich, because of all the donations. That’s when cybercriminals prevent them from working by launching a ransomware attack. They don’t care who they attack and sometimes they don’t even have a clue who they attack. There is no ethics among cybercriminals.”

Disastrous consequences

NGOs are amongst the most targeted. “Why? Because they are holding very sensitive data, for instance about refugees in Ukraine or food security in Afghanistan. Those data can be very valuable”, Duguin explains. Such cyber attacks have disastrous consequences. For example, in case of a ransomware attack, an entire computer network can be shut down until the ransom money has been paid. Most NGOs are afraid the public will stop donating if such an attack becomes public and it gets known that aid donations are funding criminals.


Attacks in the news

Some cyber attacks, however, do make the news. For instance the cyber attack that hit the International Red Cross (ICRC) in January 2022. Hackers managed to steal the personal data and confidential information of 515.000 vulnerable people. In 2020, NGO Roots of Peace, transforming mines to vines with local people in Afghanistan, was tricked into wiring 1.34 million US Dollars to a Chinese bank account. The cybercriminals impersonated the CEO, leaving the NGO ashamed and devastated. 

Duguin says. “Since then, they have been struggling to keep operations up”

NGO supporting NGOs

For two decades Duguin has fought cybercrime at Europol in The Hague. He led the creation of the European Cybercrime Centre and the major international counter cybercrime, terrorism and hybrid threats operations, investigating threat actors deploying cyberattacks, illegal content and disinformation techniques. He was recruited in 2019 by the CyberPeace Institute, which provides free cybersecurity assistance for the most vulnerable organizations. Like an NGO supporting NGOs.

The institute brings together partners, experts and volunteers to help humanitarian and development NGOs prepare for, defend against and recover from cyberattacks. It collaborates with cybersecurity and technology partners to develop an understanding of the cybersecurity threat landscape of vulnerable communities. It provides advanced warning of threats to reduce their impact and harm, and informs policymakers and authorities, urging them to regulate cyber security and hold criminals accountable.

High risk of losing lives

The CyberPeace Institute was founded in 2019 by both philanthropic and corporate organizations: the William & Flora Hewlett Foundation, Mastercard, Microsoft and the Ford Foundation. It is based in Geneva, and has people stationed in its office in The Hague. It started with helping the healthcare sector.

says Duguin. “During Covid-time there was a huge increase of cyber attacks against health care. That’s why this was the first community we decided to help”

Since June 2020 the institute recorded over 500 incidents in healthcare, mostly disruptive cyberattacks and ransomware, with potentially devastating consequences to the people being treated. In lots of countries healthcare is delivered by NGOs. That’s why the institute started looking at the vulnerability of NGOs. “Our core focus now is on humanitarian organizations, because if they are under attack, the risk of losing lives is very high. At the same time they have a very low level of cybersecurity”, Duguin states. Today, the CyberPeace Institute is helping almost 200 NGOs build their cyber resilience and fend off cyberattacks.

Corporate volunteers helping NGOs

To do this, the institute created the CyberPeace Builders. This programme gathers cybersecurity experts from the private sector, to offer their skills and to work as volunteers with NGOs around the world. So far 656 volunteers from 44 companies have put in 1.126 hours to help 167 NGOs.

Duguin: “At the CyberPeace Institute there are only 30 of us and we want to help NGO’s by the thousands. NGOs can access all kinds of tools for cybersecurity, but they are missing the workforce to do so. On the other hand a lot of private sector companies hire cybersecurity experts who are more than happy to do more. We created a programme that mixes both. We sign contracts with their companies for a couple of volunteering hours, which we can allocate directly tot NGOs. Our objective is to help 1000 NGOs by the end of 2025.”

ONE Conference: Europe’s prime cybersecurity event

To expand the programme, the CyberPeace Institute is looking at The Hague. As the ‘International City of Peace and Justice’, The Hague has a long-standing tradition of protecting the rule of law. That’s why The Hague is hosting and organizing the annual Cybersecurity Week with ONE Conference as Europe’s prime cybersecurity event. This year’s Cybersecurity week was from 2 till 5 October. This week many activities will take place and the event attracts cybersecurity professionals from all over the world. The municipality helps local organizations with their cybersecurity on a very hands-on an effective level at the municipality of The Hague itself.

Cyber Secure The Hague: Cybersecurity for NGOs

To help more NGOs become cybersecure, the CyberPeace Institute has been working with The Hague Humanity Hub, the Dutch Institute for Vulnerability Disclosure (DIVD) and the global Computer Security Incident Response Team ( in a cybersecurity project for NGOs, co-funded by the City of The Hague: Cyber Secure The Hague: Cybersecurity for NGOs. The programme started with giving free training, tools and advice to 10 NGOs, to help them become more cyber resilient. Today at the ONE conference, it was announced that the programme will be open to over 200 humanitarian NGOs in The Hague and its wider region. They can all join the CyberPeace Builders programme for free.

Why The Hague?

“We want to help NGOs in The Hague and we want to attract the interest of Dutch companies. That’s why we decided to start our first CyberPeace Builders chapter outside of Geneva here in The Hague”, Duguin says.

Cyber Secure The Hague: NGO Support Program For more information about the Cyber Secure The Hague: NGO Support Program
About the CyberPeace Institute The CyberPeace Institute is a Geneva based organization protecting the most vulnerable in cyberspace. Independent and neutral, the Institute investigates and analyzes the human impact of systemic cyber threats, delivers free cybersecurity assistance, tracks the enforcement of international laws and norms and forecasts threats to Cyberpeace. Since October 2023 they are based in The Hague as well to support over 200 NGOs in The Hague directly.
About The Hague's Humanity Hub The Hague Humanity Hub supports and strengthens the ecosystem for a more peaceful and just world. They facilitate connections and innovation by offering the necessary ingredients for chance encounters, new alliances, inspirational collaborations, and the exchange of knowledge. They strive to enable effective action through community, programmes, and The Hague Humanity Hub campus.
Press Release Please Read the official announcement about the ‘Cyber Secure The Hague: NGO Support Program’ at #ONE2023 and the background of this non-profit consortium