Table of Contents
Abstract#
Practitioner guidance establishing that digital security is a security risk management problem requiring integration across programmes, operations, and security teams—not just an IT issue.
Summary#
The leading humanitarian security network documents how digital attacks translate to physical harm through disinformation endangering field staff, supply chain compromises, and shared infrastructure risks. The report adapts the traditional NGO security triangle (acceptance, protection, deterrence) to digital contexts and identifies critical gaps in staff training and resource equity between headquarters and field.
Key Findings#
On Why Digital Threats Matter for Physical Security#
The report connects digital and physical risk directly:
“By increasing their reliance on digital technology, humanitarians open themselves up to numerous vulnerabilities, threats, and risks.”
And on the consequences:
“The implications of such attacks can threaten the safety and security of humanitarian staff and their operations.”
On Geographic and Temporal Scope#
Unlike physical threats, digital risks have no boundaries:
“Digital data exist indefinitely and can be accessed from nearly anywhere in the world. As a result, there are no geographic or temporal limitations for many of the external threats and internal vulnerabilities resulting from digital technology.”
“Actors can exploit vulnerabilities or conduct targeted attacks from far outside the geographic area of a specific operation and well into the future.”
On Disinformation as a Security Threat#
Multiple interviewees identified disinformation as the greatest physical security risk:
“Two interviewees highlighted that the spread of misinformation is one of the greatest risks to the physical security of in-country humanitarians.”
The report cites research on how false information spreads:
“Research investigating the different rates at which true and fake news stories spread on X found that ‘falsehood diffused significantly farther, faster, deeper and [more] broadly’ than true information.”
On the White Helmets Case#
The report documents a concrete example of disinformation impact:
“The Syria Campaign, a human rights organisation opposing Assad and the Russians, reported that on X alone, bots and trolls targeting the White Helmets reached 56 million people during 2016 and 2017. The impact of this campaign was so severe that it contributed to the US State Department’s decision to freeze aid to the group in 2018.”
On NGOs as Easy Targets#
The report quotes cybersecurity practitioners directly:
“Digital threat actors increasingly view humanitarian organisations as easy targets because they struggle to protect themselves.”
On Shared Infrastructure Risk#
A critical point about digital dependencies:
“Humanitarian organisations frequently rely on the same infrastructure and suppliers as governments and militaries (dual-use technology). As such, when a government’s or military’s digital servers are attacked, the humanitarian organisations sharing the digital infrastructure with the government will be vulnerable to an attack as well, even if these organisations are not the direct target.”
The Threat Landscape#
External Threats#
| Category | Examples |
|---|---|
| Geopolitical shifts | Great power competition, strategic use of cyberspace, erosion of humanitarian norms |
| Warfare digitalisation | Drones, OSINT, AI-enabled targeting, cyber operations |
| Disinformation | Coordinated campaigns against humanitarian orgs, false narratives about aid |
| Supply chain attacks | SolarWinds-type compromises affecting NGO vendors |
Internal Vulnerabilities#
| Category | Examples |
|---|---|
| Technical | Phishing, hacking, inadequate IT security in field offices |
| People | Poor digital literacy, inability to identify false information |
| Process | Over-reliance on data, failure to assess new technology risks |
| Investment | Security underfunded, donor priorities misaligned |
| Organisational | New technology adopted without management adaptation |
The Security Triangle in Digital Contexts#
The report examines how the traditional NGO security framework applies digitally:
Acceptance#
“Increasingly, we see digital campaigns, such as mis/disinformation campaigns, directly or indirectly undermine the relationship between the community served and the humanitarian organisations and staff working there.”
The report notes a key difference from physical acceptance:
“Establishing trust and achieving acceptance will remain a challenge in an online environment, even when digital emblems are widely used. Spoof accounts and phishing emails will include humanitarian-created digital insignia, fake email addresses, and varying levels of personnel-specific information.”
Protection#
“When it comes to ensuring digital security… organisations typically focus on implementing protective IT security measures at headquarters but fail to implement similarly comprehensive digital security measures across all of the organisation’s operations and geographic locations.”
On the limits of physical-world protective strategies:
“In the digital realm… Humanitarian organisations frequently rely on the same infrastructure and suppliers as governments and militaries (dual-use technology).”
Deterrence#
“To quote an interviewee, ‘deterrence is not really an option’ when looking at digital actions. This is partly because many actors from a wide variety of backgrounds can launch digital attacks, which are often difficult to identify, and they might be aiming to bring aid activities to a halt.”
Data as an Undervalued Asset#
The report identifies a cultural problem:
“Interviewees expressed that humanitarian organisations often do not view data as an asset that needs to be valued to the same degree as physical assets, such as cash and vehicles.”
The Afghanistan case illustrates the consequences:
“Some organisations had not made contingency plans on what to do with their data (regarding local staff and communities) as the Taliban approached Kabul in 2021, forcing them to make quick decisions on the fly.”
Recommendations#
1. Security at the Enterprise Level#
“All decisions made about the use of technology at all levels need to be viewed through the lens of SRM.”
“SRM experts should gain a seat at the table in both meetings involving high-level executives as well as board meetings.”
2. Interdisciplinary Teams#
“This requires creating job roles and hiring people with interdisciplinary knowledge who are able to ‘speak the language’ of all the experts, such as the language used in operations, IT, physical security, fundraising, and advocacy.”
3. Investment in People#
“For the last 10 years, much of the investment around digital technologies has focused on innovation of the digital tools themselves and not the people who use them or on mitigating the associated risks.”
“Access to (digital) security training should be equitable across the sector, regardless of location or position.”
4. Risk Sharing with Partners#
“Where possible, INGOs should take advantage of their digital security infrastructure and promote risk sharing with local organisations.”
Why This Matters Beyond Humanitarian Work#
The GISF analysis applies to any organisation facing the intersection of digital and physical risks:
- Geopolitical exposure — Organisations working internationally face state-sponsored threats
- Supply chain vulnerability — Dependence on third-party technology creates shared risk
- Disinformation impact — Online campaigns affect real-world operations and safety
- Security integration — Digital security cannot remain siloed in IT departments
- Staff equity — Field staff often lack the training and tools available at headquarters
The report’s core framework question applies universally:
“As the contexts in which humanitarian organisations deliver assistance to crisis-affected communities evolve, so do the types of vulnerabilities, threats, and risks aid workers face.”
About GISF#
The Global Interagency Security Forum (GISF) is the leading security risk management network for humanitarian, development, human rights, and environmental protection organisations. Member-led, it serves as a hub for information sharing, knowledge management, and coordination on security issues.
This research was funded by USAID under a three-year cooperative agreement.
Access#
Available as open access PDF from GISF.
Related Resources#
- GISF Security to Go Toolkit — GISF’s foundational security risk management guide
- GISF Digital Risk Report (2021) — Earlier GISF analysis on digital risks and acceptance
- NGO Cyber Security Blog — GISF’s practical orientation for NGOs new to cybersecurity
- Safeguarding Humanitarian Organisations from Digital Threats — ICRC’s legal and policy analysis