What is the name of your solution?
CyberPeace Builders
Provide a one-line summary of your solution.
The CyberPeace Builders program is an innovative solution to the main obstacle to nonprofit cybersecurity: the shortage of cyber talent.
In what city, town, or region is your solution team headquartered?
Geneva, Switzerland
In what country is your solution team headquartered?
What type of organization is your solution team?
Nonprofit
Film your elevator pitch.
What specific problem are you solving?
In today’s volatile international environment, nonprofit organizations play a central role in providing humanitarian relief and protecting the human rights of over 1 billion vulnerable individuals worldwide trapped in conflict, natural disasters, or economic hardship. However, as nonprofits collect and retain more beneficiary data, receive donor funds through digital channels, and manage key operations via internet-connected systems, their vulnerability to cyberattacks has increased considerably in the past few years. This is because cyber criminals see nonprofits as both cyber-poor and target-rich: cyber-poor because they are an easy target from a technical perspective, and target-rich because the sector raises over $1 trillion annually to deliver programs that bring life-saving assistance and protection to people in need.
While cybersecurity is a problem for all industries, it has become a particular challenge for nonprofits. From ransomware to fraudulent access and data leaks, cybercriminals have become increasingly sophisticated and the threat landscape more diverse. In addition, these cybersecurity challenges are accompanied by a workforce shortage. Nonprofits operate on well-defined and often limited budgets, dedicating most of their funds to fulfilling their mandates. This makes it difficult for nonprofits to attract the cybersecurity talent needed to stay secure. Beyond material resources, one of the main challenges nonprofits face is that their leadership often lacks the time – and in many cases the awareness – to carry out the extensive research necessary to implement robust cybersecurity governance measures aligned with their organization’s operational reality. Furthermore, few donors require the organizations they support to invest time and funding in cybersecurity issues, and allow them to do so.
The digital attack surface of NGOs has been growing considerably in the past decade. More precisely, the COVID-19 pandemic has forced many NGOs around the world to digitalize their operations in order to ensure continuity. During the pandemic and in its aftermath, digital development was not only a necessity, but it became part of the NGOs’ strategy, introducing a permanent change in the way they work, communicate, fundraise, or deliver services. Nonetheless, while digitalizing their services, very few NGOs have developed their own products and platforms. Instead, most of them use third party services to assist them with the digital tools they require, exposing them to a whole set of threats and vulnerabilities.
What is your solution?
As a solution to the aforementioned problem, the CyberPeace Institute launched the CyberPeace Builders program in October 2021: a network of cybersecurity experts with a wide range of profiles, both technical and non-technical, employed by local and international companies, who volunteer their time to help nonprofits enhance their digital resilience against cyber threats. More precisely, nonprofits and corporate volunteers (referred to as “Builders”) that enter the program are invited to join a secure online cooperation platform hosted via Mattermost.
Mattermost is an open source communication platform, similar to Slack or Discord. The online platform is composed of two hubs: the Builders Space and the CyberPeace Café. These hubs act as central nodes where, on one side, nonprofits can access resources and events, ask questions, and flag cyber incidents (the CyberPeace Café), while on the other, volunteers can share ideas, synchronise, and select missions (the Builders Space). In addition to these hubs, each nonprofit organization has access to its own channel, while the volunteers can select their engagements through a board that is constantly updated by the program team. Once a volunteer selects their engagement – or mission – they are automatically added to the specific channel of the nonprofit. The platform enables both nonprofits and cybersecurity experts to engage in active community dialogue, while strengthening their cybersecurity.
To help nonprofits identify their needs and to help create concrete missions, usually ranging from 1 to 4 hours, the CyberPeace Builders program team has developed the General Cybersecurity Assessment (GCSA). The GCSA enables a holistic and in-depth evaluation of the nonprofit's entire cybersecurity infrastructure, networks, applications, processes, and practices. This includes identifying both technical and human-related vulnerabilities. Once the assessment is completed, the nonprofit receives a short, 2-page report containing a color-coded matrix of the 9 assessment categories listed below and some initial mission recommendations.
This self-assessment is completed by all nonprofits upon joining the program. It consists of 30 different questions touching upon essential cybersecurity elements, divided into 9 concrete categories, as follows:
Assets and user management
Endpoint and network security
Remote access and cloud services
Backup
Public-facing digital perimeter security
Multi-Factor Authentication (MFA) and password management
Cybersecurity awareness
Dark web and active logs monitoring
Governance (policies)
The 30 questions of the assessment can lead to a total of 34 comprehensive missions, separated into three categories: People, Technology, and Processes.
As a result, nonprofits map their cybersecurity needs and maturity level, while gaining access to industry-grade expertise to strengthen their internal capabilities and to upskill staff. This type of actionable and concrete cybersecurity assistance provided through the CyberPeace Builders is unique, as it empowers nonprofits not only with access to the workforce they are missing, but also with the resources and tools necessary to demonstrate that they are taking their cybersecurity seriously – which builds trust with donors and beneficiaries of their services, protects sensitive data, and can lead to long-term budgetary savings and better investments.
Who does your solution serve, and in what ways will the solution impact their lives?
In the past few years, hundreds of NGOs have started to report being the victims of cyberattacks, with many research studies indicating them as the second most targeted sector. It is believed that only 1 in 10 nonprofits offer cybersecurity awareness training to their staff, only 1 in 5 have a cybersecurity policy, and 1 in 4 nonprofits have the resources and knowledge to monitor their network against threats. This is because most nonprofits operate on limited resources, which makes it difficult for them to attract the cyber talent that could implement the relevant security controls for their organizations. Along these lines, a recent study conducted by the Institute in 2023 amongst Geneva-based nonprofits highlighted that 56% of NGOs do not have a budget allocated for their cybersecurity needs, while 70% of them do not believe they have the knowledge, skills, and resilience necessary to respond to a cyberattack.
It is this lack of resources, knowledge, and capacity that renders nonprofits vulnerable to cyber threats – but it is exactly on these aspects that the CyberPeace Builders program proves its added value as an adequate solution. The CyberPeace Builders program serves nonprofits around the world to enhance their digital resilience. More precisely, the program empowers the staff of nonprofit organizations to continue the delivery of their life-saving services to their own beneficiaries without the fear of the harm caused by cyberattacks. Their profiles vary greatly, ranging from C-level professionals, to programs or operations staff, as well as IT personnel in some organizations.
The program provides nonprofits with access to different cybersecurity resources specifically designed with their operational realities and needs in mind; it focuses on capacity-building and on equipping nonprofit staff with the right behaviours, skills, and best practices to spot potential cyber threats, while connecting them with cybersecurity experts who deliver trainings, run vulnerability scans, or help these organizations better monitor their networks. For example, in 2023 alone the program delivered 114 awareness missions to over 60 NGOs, equalling approximately 240 hours of capacity-building.
How are you and your team well-positioned to deliver this solution?
The CyberPeace Builders program is designed and implemented by the Operations Team of the CyberPeace Institute. The Team has 8 Full-Time Employees and 1 Part-Time Employee. The Team is suitable to carry out the work thanks to its experience with the program since its early, incipient phase in 2021. We are professionals coming from different backgrounds, with a range of skills from inside and outside the cybersecurity industry, such as the security sector, humanitarian world, or private companies. We have initiated the CyberPeace Builders program with a clear understanding of the problem and a strong ambition: to make a difference and have an impact on an underserved community of vital importance to billions of vulnerable individuals around the world.
Since the beginning of the program, we have always aimed to have a regional approach and to build trust with the nonprofits we serve. Our regional advisors on the ground (one colleague in Geneva, Switzerland for Europe and another colleague in Nairobi, Kenya for Africa) act as liaisons between the corporate volunteers and supported nonprofits, thus providing a localized and contextualised approach that ensures support is adapted to the needs of each nonprofit. Furthermore, we have done extensive research and testing to position our CyberPeace Builders program and platform. As a result, we are the only ones providing cyber assistance to nonprofits for free, with a financially sustainable solution based on corporate social responsibility (CSR).
During the past three years, the program evolved based on the feedback received from the nonprofit organizations we serve. We are a young, motivated, and human-focused team; our aim has always been and will be to understand the needs of the community we serve by directly connecting with them. For example, the General Cybersecurity Assessment was designed after an exploratory process into nonprofits’ cybersecurity needs, in order to achieve a tool that is aligned with and respects both industry standards (NIST Cybersecurity Framework) and nonprofits’ operational realities and needs. We also gather continuous feedback from those we serve: after every engagement, volunteers and nonprofits are invited to submit a feedback form to let us know how we can improve. We have a target to keep satisfaction above 80%, which we have always met; for example, the current satisfaction rate for nonprofits is at 95%.
Which dimension of the Challenge does your solution most closely address?
Promote and sustain peace by increasing community dialogue, civic participation, reconciliation, and justice efforts; strengthening cyber security, and monitoring or preventing violence, misinformation, and polarization.
Which of the UN Sustainable Development Goals does your solution address?
What is your solution’s stage of development?
Growth
Why are you applying to Solve?
We are applying to Solve to receive assistance in overcoming financial, legal, and market barriers in our endeavour to expand to the United States (US). In the US, 11% of the population lives under the poverty line. Food banks, shelters, and nonprofit healthcare organizations are vital to these vulnerable individuals. Another equally pressing issue is exacerbating this situation: the severe talent shortage in the cybersecurity industry. While there are 1.1 million cybersecurity professionals in the United States, over half a million positions in the sector remain vacant. For nonprofits with limited budgets, hiring or retaining cybersecurity experts who command high salaries is a significant challenge. Projections indicate that the talent shortage may increase to 3.5 million by 2030 worldwide, leaving nonprofits in a precarious situation with minimal hope of receiving the protection they urgently need.
On our side, we are actively working to expand our services and presence in the US. We are currently working with close to 20 nonprofits based across the country and active in sectors such as healthcare, reproductive rights, social inequalities, and human rights, to mention a few. In addition, the US Cybersecurity and Infrastructure Security Agency (CISA) has selected the CyberPeace Builders program as a reference model to protect high-risk communities in the US. Becoming part of Solve would be a massive enabler for us to bring the CyberPeace Builders to a new geographical area: besides assisting us in understanding legal requirements to open an office in the US, this opportunity would allow us to explore new financial leads, to remove market barriers, and to empower even more nonprofit organizations to strengthen their cybersecurity. Moreover, we are looking to expand our services to social enterprises as the next step of our growth and we believe we could greatly benefit from Solve's expertise in this area.
Here at the Institute, we strongly believe that collaboration is the key to a better and more secure future - this belief is being materialised through the CyberPeace Builders program. Our ambition is to connect every cybersecurity professional to every nonprofit in the world. To do that, we need to scale up our existing network from hundreds of volunteers and NGOs, to thousands and more. To support this growth, we have already invested in our data pipeline and dashboarding capabilities for business analytics purposes. Solve would provide us with a platform to bring our capacities to the US and make them known across different communities, which in turn can lead to new funding or collaboration opportunities with like-minded organizations.
In which of the following areas do you most need partners or support?
Who is the Team Lead for your solution?
Stéphane Duguin
What makes your solution innovative?
What makes this initiative innovative is its human-centric approach: by connecting nonprofits with corporate volunteers who can assist them with their specific cyber challenges, we're not just improving security—we're fostering a culture of collaboration and support. It's a fresh take on cybersecurity that's accessible, effective, and community-driven.
Describe in simple terms how and why you expect your solution to have an impact on the problem.
Our solution makes a real difference when addressing the cybersecurity gaps many nonprofit organizations face. Because our assessment tool gives us a tailored understanding of each nonprofit's unique challenges, we are in a position to connect them with skilled corporate volunteers via Mattermost. This hands-on support not only helps protect nonprofits from cyber threats but also empowers them with knowledge and resources to navigate the digital landscape safely. One of the most important structural impacts at the organizational level that we have noticed thus far is how a nonprofit, from having no knowledge or capacity of cybersecurity, develops a whole culture and changes behaviours in almost a year. At the individual level, we have noticed more and more staff from these nonprofits pursuing cybersecurity certifications and changing their professional digital hygiene.
What are your impact goals for your solution and how are you measuring your progress towards them?
Our impact goals for the CyberPeace Builders program are twofold: firstly, to significantly enhance the cybersecurity maturity of nonprofit organizations, and secondly, to reduce their vulnerability to cyberattacks. To measure our progress towards these goals, we employ both qualitative and quantitative metrics. Qualitatively, we assess the effectiveness of our solution by monitoring the feedback and satisfaction of participating nonprofits and volunteers. We also track the implementation of cybersecurity best practices and the adoption of recommendations provided by volunteers. Quantitatively, we measure key indicators such as the improvement in their assessment scores, as well as the frequency and severity of cyber incidents reported by nonprofits before and after their engagement with the program. By analyzing these metrics, we can gauge the tangible impact of our solution and continually refine our approach to better meet the evolving needs of the nonprofit sector in terms of cybersecurity.
Describe the core technology that powers your solution.
At the heart of the CyberPeace Builders program lies a user-friendly technology stack designed to facilitate collaboration and address cybersecurity challenges within nonprofit organizations. The cornerstone of our solution is Mattermost, a versatile communication platform that serves as the primary interface connecting nonprofits with corporate volunteers. Mattermost enables real-time communication, file sharing, and collaboration, fostering seamless interaction between participants. Additionally, there is our assessment tool tailored to the unique needs and realities of nonprofit organizations. This tool, developed in-house, allows us to comprehensively evaluate the cybersecurity posture of each nonprofit, identifying vulnerabilities and areas for improvement. Leveraging this data allows us to identify needs and match nonprofits with corporate volunteers possessing the requisite expertise to address their specific cybersecurity challenges. Furthermore, our solution leverages cybersecurity best practices and industry standards to guide interventions and recommendations provided by volunteers. Through the combined power of tailored assessments, matchmaking, and expert guidance, the CyberPeace Builders program empowers nonprofits to enhance their cybersecurity resilience and mitigate the risk of cyber threats effectively.
Which of the following categories best describes your solution?
A new business model or process that relies on technology to be successful
Please select the technologies currently used in your solution:
If your solution has a website or an app, provide the links here:
https://cpb.ngo/
In which countries do you currently operate?
How many people work on your solution team?
The Team has 8 Full-Time Employees and 1 Part-Time Employee.
How long have you been working on your solution?
We have been working on our solution for the past 2 and a half years (since October 2021).
Tell us about how you ensure that your team is diverse, minimizes barriers to opportunity for staff, and provides a welcoming and inclusive environment for all team members.
Diversity is one of our core values at the Institute: we have achieved almost perfect gender parity (52% women and 48% men at the end of 2022) and have one colleague with a disability. The organization has 27.5 Full-Time Employees (FTEs) spread across different teams. Our staff is primarily based in Europe (Switzerland, France, Netherlands, Greece, Portugal, Slovakia, UK, etc.), United States, and Africa (Kenya, South Africa). Beyond our offices in Switzerland, we have recently launched a chapter in the Netherlands, and are launching one in the United States.
What is your business model?
The business model behind the CyberPeace Builders program relies on CSR contributions of private companies. Private companies have the unique opportunity to allow their staff to engage in a volunteering initiative where they can use their knowledge and skills for positive social impact. As such, companies have access to personalized dashboards, where they can track their volunteers' progress and impact in terms of assisting nonprofits with their cyber needs. Volunteers also get access to our Humanitarian Cybersecurity Training to strengthen their soft skills and prepare them for the interaction with the nonprofits. Being exposed to the work of so many different nonprofits broadens their understanding of how they can use their skills for good. For example, during an interview for a position at a private company that supports the program, a candidate said that they applied to join the company because they are part of the program. For more information, please check out our Employers webpage: https://cpb.ngo/employers
Do you primarily provide products or services directly to individuals, to other organizations, or to the government?
Organizations (B2B)
What is your plan for becoming financially sustainable, and what evidence can you provide that this plan has been successful so far?
While the CyberPeace Builders program has successfully generated over CHF 1M in 2023 through philanthropic donations and corporate CSR contributions, we acknowledge the importance of diversifying funding streams for long-term sustainability. To this end, we are actively exploring the idea of opening a "for-profit" branch that - in the long term - can sustain the further expansion and operations of the Institute. As such, Solve provides us with the opportunity to access a network of like-minded entrepreneurs and experts to achieve this objective. For more information, you can have a look at our webpage for nonprofits where we have recently launched some new paid services: https://cpb.ngo/nonprofits
Solution Team
Mr Alexandru Lazar, Program Officer, CyberPeace Institute
Our Organization
CyberPeace Institute