Digital information and communication technologies have become increasingly integral to the operations and service delivery of civil society organisations worldwide. The same situation is found in Macau, where the reliance of these organisations on digital technologies is growing, particularly for virtual meetings with beneficiaries and partners, data management, and the delivery of social care services. While digital transformation enables civil society organisations to become more resilient in crises, it also leads to increased cybersecurity risks.
A new study by the United Nations University Institute in Macau (UNU Macau), Civil Society Organizations’ Cyber Resilience - leaving no civil society organization behind in cyber resilience, reviews civil society organisations' evolving cybersecurity risk environment in Macau. The study underscores how these organisations’ limited cybersecurity resources and capabilities and their vulnerable position within the local cybersecurity landscape could impair their long-term operations.
The study, supported by the Macau Science and Technology Development Fund (FDCT), employs surveys and in-depth interviews with personnel of local social care and community-based organizations. It reveals the cybersecurity incidents these organizations regularly experience, including password mismanagement, hardware failure, phishing, and malicious software. Despite awareness of the importance of cyber resilience – the capability to prepare for, defend against, recover from, and adapt to adverse cyber incidents – for organisational resilience, few organisations have relevant cybersecurity policies or procedures in place.
Dr. Mamello Thinyane, Principal Research Fellow at UNU Macau, led the research and reflected on the findings:
“The lack of internal cybersecurity capacity and expertise in civil society organisations has led them to adopt ad-hoc and haphazard cybersecurity management practices. We also observe significant gaps in the local cybersecurity landscape. There is more clarity in the cybersecurity legal provisions and more technical assistance available to the public - and private-sector organisations relative to civil society organisations. As a result, civil society organisations occupy a precarious and vulnerable position. These dynamics make them more susceptible to risks from adverse cyber incidents.”
The report presents key recommendations to civil society organisations, governments, and providers of communication and cybersecurity services towards strengthening cybersecurity support ecosystem for civil society organisations.
The report urges the government to bolster the role of existing cybersecurity response teams, develop cybersecurity solutions for civil society organisations, and provide them with cybersecurity capacity-building programs and cybersecurity-specific funding instruments. Further, it recommends that the government actively engage civil society organisations in cybersecurity policymaking.
The report advises civil society organisations to undertake organisation-wide cybersecurity capacity- building, adopt appropriate cyber resilience management models and frameworks, and leverage partnerships and external support for cybersecurity. Finally, the report recommends that communication and cybersecurity service providers define clear service level agreements for civil society organisations with commitments to specific cybersecurity targets. Such provisions are beneficial for the civil society organisations contracting the service of these enterprises and their compliance to the local data protection requirements as a data holder and data processor.
The study emphasises the need to enhance the cyber resilience of all stakeholders, including civil society organisations, to achieve societal cyber resilience in the digital age.
The full report is available at: https://go.unu.edu/3NN1O
For enquiries, please contact: cyber-resilience@unu.edu