CyberPeace Institute

Acronym: CyberPeace Institute

Established: 2019

Address: Campus Biotech Innovation Park, 15 Avenue de Sécheron, 1202 Geneva, Switzerland

Website: https://cyberpeaceinstitute.org/

Stakeholder group: NGOs and associations

The CyberPeace Institute is an independent and neutral non-governmental organisation (NGO) that strives to reduce the frequency, impact, and scale of cyberattacks, to hold actors accountable for the harm they cause, and to assist vulnerable communities.

The institute is a Geneva-based NGO, also working in close collaboration with relevant partners to reduce the harm from cyberattacks on people’s lives worldwide and provide assistance. By analysing cyberattacks, we expose their societal impact and how international laws and norms are being violated, and advance responsible behaviour to enforce cyberpeace.

At the heart of the Institute’s efforts is the recognition that cyberspace is about people. We support providers of essential services to the most vulnerable members of society, ultimately benefiting us all, like NGOs and the healthcare sector. Attacking them can have a devastating impact on beneficiaries and patients, putting their rights and even lives at risk.

To deliver on this mission, we rely on donations and the generosity of individuals, foundations, companies, and other supporters. This support enables us to assist and support vulnerable communities, including NGOs, to enhance their resilience to cyberattacks.

The Institute also provides evidence-based knowledge and fosters awareness of the impact of cyberattacks on people to give a voice to and empower victims to highlight the harm and impact of cyberattacks. We remind state and non-state actors of the international laws and norms governing responsible behaviour in cyberspace, and advance the rule of law to reduce harm and ensure the respect of the rights of people.

Contents

Digital activities

Founded in 2019, the CyberPeace Institute focuses on assessing the impact of cyberattacks from a human perspective, prioritising the rights and well-being of individuals. Our analysis is grounded in evidence, examining how cyberattacks affect people’s lives and linking these impacts with the technical realities of cyberthreats. We also evaluate these impacts in the context of legal violations, ensuring a comprehensive understanding of the harm caused.

The Institute advocates for a human-centric, evidence-based approach to the analysis of cyberattacks, recognising it as critical to achieving meaningful redress, repair, and justice for victims. We approach our work collaboratively, engaging in research, analysis, assistance, mobilisation, and advocacy to drive change. By working closely with vulnerable communities, we gain valuable insights into their cybersecurity needs and deliver trusted, free cybersecurity assistance to those who need it most.

A key element of the Institute’s digital activities is its commitment to providing free cybersecurity support to organisations that serve the most vulnerable. The CyberPeace Builders programme connects the nonprofit sector with the cybersecurity industry, enabling threat intelligence sharing, volunteering, and funding. This programme enhances the cybersecurity of NGOs by offering tailored assessments, threat alerts, specialised training, and expert volunteer support, all designed to help these organisations defend against cyberattacks and mitigate digital risks.

The CyberPeace Tracer platform plays a crucial role in tracking and analysing cyberattacks targeting vulnerable communities. By leveraging AI, the platform provides invaluable insights into cyberattacks, helping organisations identify potential threats and build digital resilience. This data-driven tool enables civil society to monitor, detect, and respond to cyber threats, ensuring their operations remain secure and their missions uninterrupted.

In addition to providing direct support, the CyberPeace Institute actively engages in global cybersecurity policy discussions. The Institute participates in international coalitions and debates, aiming to influence the development of laws, rights, and norms in cyberspace. By advocating for responsible behaviour and accountability, the Institute helps protect the rights of vulnerable communities in the digital world, fostering cooperation and promoting ethical guidelines for cyberspace governance.

The Institute’s commitment to research and analysis is reflected in its ongoing efforts to monitor the evolving cybersecurity landscape. The Institute publishes reports on a wide range of topics, including the impact of cyberattacks on vulnerable communities, cybersecurity risks for NGOs and critical sectors, emerging technologies like AI and quantum computing, and the intersection of cyberattacks and disinformation. The Institute also explores legal frameworks, capacity building, cyber resilience, and threat intelligence, offering actionable insights and recommendations to enhance cybersecurity and protect human rights in the digital age.

The CyberPeace Institute also runs the CyberPeace Institute Academy, an educational initiative aimed at building cybersecurity capacity within vulnerable sectors. The Academy offers free training and resources designed to improve the cybersecurity knowledge and skills of individuals and organisations working in the nonprofit and humanitarian sectors. Through its courses, workshops, and certifications, the Academy helps strengthen the digital resilience of organisations, empowering them to respond to cyber threats effectively.

Digital policy issues

Critical infrastructure

Cyberattacks against critical infrastructure have been on the rise, from attacks against hospitals and vaccine supply chains to attacks on the energy sector. When such disruptions occur, access to basic services is at risk. It is vital that there is an increase in the capacity and ability to improve resilience to cyberthreats in critical sectors, such as healthcare. The CyberPeace Institute urges stakeholders in diplomatic, policy, operational, and technical areas to increase their capacity and resilience to cyberthreats.

The Institute advocates for capacity building aimed at enabling states to identify and protect national critical infrastructure and to cooperatively safeguard its operation. This includes capacity building, implementation of norms of responsible behaviour, and confidence building measures. In strengthening efforts to protect critical infrastructure, the Institute calls for the sharing of lessons learned between countries to assist those with less capacity and fewer capabilities.

NGOs in civilian-critical sectors, for example, water, food, healthcare, energy, finance, and information, need support and expertise to help them strengthen their cybersecurity capabilities. While these NGOs provide critical services to communities and bridge areas not covered by public and private actors, they lack the resources to protect themselves from cybersecurity threats.

Examples of the Institute’s work in this regard:

Calls to governments to take immediate and decisive action to stop all cyberattacks on hospitals and healthcare and medical research facilities, as well as on medical personnel and international public health organisations.
Capacity building is essential for achieving cyber preparedness and resilience across sectors and fields, and activities focus on providing assistance and capacity building to NGOs that might lack technical expertise and resources.
Publication of the strategic analysis report Playing with Lives: Cyberattacks on Healthcare are Attacks on People, and the launch of the Cyber Incident Tracer (CIT) #Health platform that bridges the current information gap about cyberattacks on healthcare and their impact on people. This is a valuable source of information for evidence-led operational, policy, and legal decision makers.
Analysis and evaluation of cyberattacks and operations targeting critical infrastructure and civilian objects in the armed conflict between Ukraine and the Russian Federation through the publicly accessible Cyber Attacks in Times of Conflict Platform #Ukraine and a two-part video series to offer visual representation of key findings further developed in our quarterly analytical reports.
A data-driven platform named The CyberPeace Tracer that leverages AI to map and analyse cyberattacks against civil society, providing them with insights to mitigate risks and vulnerabilities while building accountability.
Participation in the INFINITY project to transform the traditional idea of criminal investigation and analysis. INFINITY has received funding from the European Union’s Horizon 2020. Its concept is based around four core research and technical innovations that together will provide a revolutionary approach and convert data into actionable intelligence.
Participation in the UnderServed project, an EU-funded initiative to address the lack of adequate cybersecurity measures for vulnerable sectors, including humanitarian, development, and peace non-governmental organisations. The primary objective of the project is to establish a comprehensive platform for reporting and analysing cyber threats. This platform is tailor-made for NGOs vulnerable to cyberattacks, which often lack the resources to effectively mitigate such threats.

Network security

The nonprofit sector is the safety net of humanity. Nonprofits around the world provide critical services to the most vulnerable, but this does not stop threat actors from attacking them.

Malicious actors are already targeting NGOs in an effort to get ransoms and exfiltrate data. These NGOs often lack the budget, know-how, or time to effectively secure their infrastructures and develop a robust incident response to manage and overcome sophisticated attacks.

With this in mind, the Institute launched its CyberPeace Builders programme in 2021, a unique network of corporate volunteers providing free pre- and post-incident assistance to NGOs supporting vulnerable populations.The CyberPeace Builders programme connects the nonprofit sector to the cybersecurity industry in various scalable and innovative ways to maximise social impact.

Through threat intelligence sharing, volunteering and funding, experts, companies, and donors are meaningfully helping nonprofits. This initiative brings support to NGOs in critical sectors at a level that is unequalled in terms of staff, tools, and capabilities. It assists NGOs with cybersecurity whether they work locally or globally and supports them in crisis-affected areas across the globe.

The CyberPeace Builders programme has grown significantly, now including over 1,300 cyber volunteers who have assisted more than 450 nonprofits worldwide. In 2024, the programme completed over 1,000 missions and logged 2,442 volunteer hours and has since expanded to The Hague (Netherlands) and launched the US Cyber Resilience Corps.

Several major corporate partners have joined the CyberPeace Builders initiative, including: Adobe, CapGemini, HPE, Inditex, Logitech, Marsh, Mastercard, Microsoft, Okta, Rapid7, Splunk, WithSecure, and Zurich.

The Institute established new partnerships with ISC2 and launched an upgraded matchmaking system in January 2025. The CyberPeace Tracer platform builds on the work of the CyberPeace Builders to provide nonprofits with tailored, real-time threat intelligence. The platform tracks and analyses cyberattacks targeting nonprofits, providing them with useful insights to strengthen their digital resilience while building accountability.

Capacity development

The Institute believes that meaningful change can occur when a diversity of perspectives, sectors, and industries work together. To address the complex challenges related to ensuring cyberpeace, it works with a wide range of actors at the global level including governments, the private sector, civil society, academia, philanthropies, policymaking institutions, and other organisations. The Institute contributes by providing evidence-led knowledge, emphasising the need to integrate a genuine human-centric approach in both technical and policy-related projects and processes, and by highlighting the civil society perspective to support and amplify existing initiatives.

Training

The CyberPeace Institute is providing comprehensive training for NGO boards and staff, foundations, and volunteers designed to empower organisations with vital tools for safeguarding their missions.

The Institute established a ‘CyberPeace Academy’, focused on building digital resilience and in partnership with Microsoft, launched the ‘Cyber School Initiative’, an 8-week fully virtual cybersecurity training course that successfully certified 99 participants in the 2024 cohort with a 95% success rate. The programme attracted a diverse group of participants (152 women, 48 men) and is specifically designed to help refugees, students, returning job seekers, and others interested in diversifying their professional skills.

The Cyber School curriculum consists of eight thematic modules covering: foundations, internet and ICT fundamentals, information security basics, governance, risk management, and AI integration with cybersecurity. The curriculum was developed to align with in-demand topics from recruiters in the cybersecurity sector, with Zarc Okere as the Lead Trainer.

The Institute has developed the General Cybersecurity Assessment (GCSA), a self-assessment tool to help civil society organisations evaluate their cybersecurity maturity level. The GCSA is rooted in the NIST Cybersecurity Framework but is tailored for non-technical professionals. The assessment consists of 9 categories with 30 questions and takes less than 20 minutes to complete. Each question is connected to at least one of 34 missions available within the CyberPeace Builders programme.

After completing the assessment, organisations receive a two-page report with a colour-coded matrix showing their cybersecurity maturity, their score, comparison with other organisations in the programme, and recommendations for the top five missions with volunteers. The assessment can be repeated to track progress over time, with organisations able to reassess after six months into the programme.

Interdisciplinary approaches

To contribute to closing the accountability gap in cyberspace, the Institute seeks to advance the role of international law and norms.

It reminds state and non-state actors of the international law and norms governing responsible behaviour in cyberspace and contributes to advancing the rule of law to reduce harm and ensure the respect of the rights of people.

Contribution to UN processes

In 2021–2022, the Institute contributed to and commented on various UN-led processes (notably the UN Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security (UN GGE) and the Working Group (WG) on the Use of Mercenaries as a Means of Violating Human Rights and Impeding the Exercise of the Rights of Peoples to Self-Determination).
Since its inception, the Institute has closely followed the work of the UN Open-Ended Working Group (UN OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security, advocating recognition of the healthcare sector as a critical infrastructure and raising concerns about the lack of commitment towards an actionable and genuine human-centric approach.
In the Open-Ended Working Group on Security of and in the Use of Information and Communications Technologies 2021–2025 (OEWG II), the Institute set out three key action areas and related recommendations, and is contributing its expertise in relation to the protection of humanitarian and development organisations from cyberattacks.
The Institute issued a Statement at the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes (Cybercrime Convention).
Moreover, the Institute sought to advance the Cyber Programme of Action (PoA) by offering recommendations concerning the range, organisation, and approaches for stakeholder participation.
The Institute also welcomed the call for civil society organisations to contribute to the Global Digital Compact (GDC) and provided a set of recommendations.

Participation in international initiatives: The Paris Call working groups

The Paris Call for Trust and Security in Cyberspace is a multistakeholder initiative launched by the French government at the Paris Peace Forum in November 2018. The Call itself sets out nine principles promoting and ensuring the security of cyberspace and the safer use of information and communications technology (ICT).

To operationalise these principles, six working groups were created in November 2020 to work on various issues that relate to them. The Institute co-led WG5 with colleagues from Geopolitics in the Datasphere [Géopolitique de la Datasphère] and The Hague Centre for Strategic Studies (HCSS).
The work of this group led to the Final Report published during the Paris Peace Forum 2021. It presents a methodology to facilitate understanding of how the implementation of normative, legal, operational, and technical measures, or the lack thereof, contribute to stability in cyberspace and ultimately to cyberpeace.
The Institute contributed to WG3: Advancing the UN negotiations with a strong multistakeholder approach, leading to the publication of the final report on Multistakeholder Participation at the UN: The need for greater inclusivity in the UN dialogues on cybersecurity.
The Institute chaired the session ‘Unpacking the Cyber Mercenaries’ Phenomenon’ at the 6th edition of the Paris Peace Forum.

At the World Economic Forum meeting in Davos, in May 2022, the CyberPeace Institute joined Access Now, the Office of the High Commissioner for Human Rights (OHCHR), Human Rights Watch (HRW), Amnesty International, the International Trade Union Confederation (ITUC), and Consumers International to call on decision makers to take action and initiate a moratorium limiting the sale, transfer, and use of abusive spyware until people’s rights are safeguarded under international human rights law.

This is in addition to a call made in 2021, in which the Institute joined more than 100 civil society organisations calling for a global moratorium on the sale and transfer of surveillance technology until rigorous human rights safeguards are adopted to regulate such practices and guarantee that governments and non-state actors do not abuse these capabilities.

EU processes

At the Institute, we conduct an evaluation of best practices in implementing EU regulations, focusing on their evolution and development to ensure effective execution. Simultaneously, we analyse EU mechanisms like the EU Cyber Diplomacy Toolbox, aimed at countering malicious cyber activities and bolstering resilience, while providing targeted observations and recommendations.

We contributed to the Joint Letter of Experts on Cyber Resilience Act to shed light on the vulnerability disclosure requirements, which are believed to be counterproductive.
We offered recommendations to the working group of the ITRE Committee (EU Parliament).
We led the workshop for the European Parliament’s Subcommittee on Security and Defence (SEDE) on The role of cyber in the Russian war against Ukraine: Its impact and the consequences for the future of armed conflict, which was then published as a working paper.
We provided positions and recommendations on the EU AI Act (unpublished yet).

Digital technology plays an important role in conflict mediation and global peacebuilding. It can extend inclusion, allowing more women or people from marginalised groups to take part in or follow the mediation process. It can make mediation faster and more efficient and can allow mediators to draw on resources from around the world.

However, digital technology brings risks, too. It can increase polarisation, for example, and allow disinformation to spread to more people, more quickly. It can increase vulnerability to malicious actors, spying, and data breaches. These risks can undermine trust in the process.

Mediators work in low-trust, volatile contexts and do not always have the knowledge to assess the risks posed by digital technology. The new online platform helps to raise awareness of those risks, as well as offers training on how to deal with them. The Digital Risk Management E-Learning Platform for Mediators was created in 2021 by the CyberPeace Institute, CMI – Martti Ahtisaari Peace Foundation, and the UN Department of Political and Peacebuilding Affairs (UNDPPA) Mediation Support Unit.

As part of the integration and engagement with the stakeholder ecosystem in Geneva, the Institute is a member of the Geneva Chamber of Commerce, Industry and Services (CCIG). Various academic collaborations are ongoing through participation in conferences, workshops, and lectures, namely with the École Polytechnique Fédérale de Lausanne Centre for Digital Trust EPFL (C4DT), the University of Geneva (UNIGE), and the Geneva Graduate Institute (IHEID). In 2020, the Institute formed a strategic partnership with the SwissTrust Valley for Digital Transformation and Cybersecurity.

The Institute and its staff have received several awards for innovative and continuous efforts promoting cyberpeace including the 2020 Geneva Centre for Security Policy (GCSP), the second prize for Innovation in Global Security, and the Prix de l’Economie in 2021 from CCIG.