New UNU Macau Research Finds that Improving the Cyber Resilience of Local Civil Society Organizations is Crucial Amid Increasing Cybersecurity Risks

  • 2021•08•31

    Photo: UNU Macau/ Michael Gallo

    MACAU, 31 August 2021 – Digital information and communication technologies have become increasingly integral to the operations and service delivery of civil society organizations worldwide. The same situation is found in Macau, where the reliance of these organizations on digital technologies is growing, particularly for virtual meetings with beneficiaries and partners, data management, and the delivery of social care services. While digital transformation enables civil society organizations to become more resilient in crises, it also leads to increased cybersecurity risks.

    A new study by the United Nations University Institute in Macau (UNU Macau), Civil Society Organizations’ Cyber Resilience – leaving no civil society organization behind in cyber resilience, reviews civil society organizations’ evolving cybersecurity risk environment in Macau. The study underscores how these organizations’ limited cybersecurity resources and capabilities and their vulnerable position within the local cybersecurity landscape could impair their long-term operations.

    The study, supported by the Macau Science and Technology Development Fund (FDCT), employs surveys and in-depth interviews with personnel of local social care and community-based organizations. It reveals the cybersecurity incidents these organizations regularly experience, including password mismanagement, hardware failure, phishing, and malicious software. Despite awareness of the importance of cyber resilience – the capability to prepare for, defend against, recover from, and adapt to adverse cyber incidents – for organizational resilience, few organizations have relevant cybersecurity policies or procedures in place.

    Dr. Mamello Thinyane, Principal Research Fellow at UNU Macau, led the research and reflected on the findings:

    “The lack of internal cybersecurity capacity and expertise in civil society organizations has led them to adopt ad-hoc and haphazard cybersecurity management practices. We also observe significant gaps in the local cybersecurity landscape. There is more clarity in the cybersecurity legal provisions and more technical assistance available to the public- and private-sector organizations relative to civil society organizations. As a result, civil society organizations occupy a precarious and vulnerable position. These dynamics make them more susceptible to risks from adverse cyber incidents.”

    The report presents key recommendations to civil society organizations, governments, and providers of communication and cybersecurity services towards strengthening cybersecurity support ecosystem for civil society organizations.

    The report urges the government to bolster the role of existing cybersecurity response teams, develop cybersecurity solutions for civil society organizations, and provide them with cybersecurity capacity-building programs and cybersecurity-specific funding instruments. Further, it recommends that the government actively engage civil society organizations in cybersecurity policymaking.

    The report advises civil society organizations to undertake organization-wide cybersecurity capacity- building, adopt appropriate cyber resilience management models and frameworks, and leverage partnerships and external support for cybersecurity. Finally, the report recommends that communication and cybersecurity service providers define clear service level agreements for civil society organizations with commitments to specific cybersecurity targets. Such provisions are beneficial for the civil society organizations contracting the service of these enterprises and their compliance to the local data protection requirements as a data holder and data processor.

    The study emphasizes the need to enhance the cyber resilience of all stakeholders, including civil society organizations, to achieve societal cyber resilience in the digital age.

    The full report is available at:


    For enquiries, please contact:

    About United Nations University Institute in Macau
    The United Nations University Institute in Macau is a UN global think tank on Information Communication Technologies for Development (ICT4D). UNU Macau conducts UN policy-relevant research and generates solutions, addressing key issues expressed in the UN 2030 Agenda for Sustainable Development through high-impact innovations and frontier technologies. Through its research, UNU Macau encourages data-driven and evidence-based actions and policies to achieve the Sustainable Development Goals.