Kosovo: Emerging Europe’s unlikely cybersecurity pioneer

Kosovo has improved on many areas of cybersecurity capacity and has gained a comprehensive understanding of existing gaps and opportunities for capacity building in recent years, a new report assessing the country’s cybersecurity says.

The report uses the Cybersecurity Capacity Maturity Model for Nations (CMM) methodology, developed by the Global Cyber Security Capacity Centre (GCSCC) at Oxford University, and is the second such assessment by GCSCC researchers in Kosovo following an initial exercise in 2015. As such, Kosovo has become the first country worldwide to have piloted the CMM and then undergone the CMM update assessment.

Emerging Europe thought leadership digital presence brand awareness

The new assessment found that Kosovo has undertaken critical steps in building cybersecurity capacity, most notably it has adopted its first National Cybersecurity Strategy (NCS). The report shows that the NCS has given impetus to an ambitious legislative reform, including the overhaul of cybercrime legislation, the development of a comprehensive umbrella law on cybersecurity, and the creation of a legal basis for the identification of critical national infrastructure. The researchers concluded that it is crucial to maintain this momentum to enable the full enforcement of these legislative initiatives.

Equal importance needs to be assigned to ensuring that established structures such as KOS-CERT have the resources and support available to fulfil their responsibilities. This last point extends to other institutions such as the ministry of economy and environment, and the ministry of education, science and technology that need additional support to mitigate the talent retention problem in Kosovo and the shortage of skilled professionals in ICT and cybersecurity.

“Strengthening cybersecurity is a crucial step to ensure that all the ICT systems and infrastructures work together safely. We have taken the recommendations from the first Cybersecurity Maturity Model seriously and have made substantial progress in the policy domain,” says Agim Kukaj, director of the Kosovo Digital Economy (KODE) project at the ministry of economy and environment. “The re-assessment is not only a guide to further improvements, but also a way of better understanding our weaknesses and strengths in a comparative manner.”

This assessment was conducted under the Global Cybersecurity Capacity Program II, for which the financing came from Korea’s ministry of economy and finance, through the Korea-World Bank Group Partnership Facility (KWPF), which is administered by the World Bank. As part of the programme, the country also benefited from a capacity-building workshop delivered in November by the Global Cybersecurity Center for Development, part of Korea’s Internet and Security Agency (KISA). The two-day workshop in November 2019 convened numerous local cybersecurity experts who got exposed to cutting-edge knowledge on cybersecurity from the Republic of Korea.


The World Bank is also supporting, through the Digital Economy Project for Kosovo (KODE), improved access to better quality and high‐speed broadband services in rural areas and to online knowledge sources, services and labour markets among citizens, and public and academic institutions.

“Like every other sector of the connected economy, the public sector is also a perennial target for cyber-criminals, and we know that effective cybersecurity is about much more than technology tools,” says Marco Mantovanelli, World Bank country manager for Kosovo and North Macedonia.

The CMM aims to enable governments to benchmark cybersecurity capacity across five dimensions: cybersecurity policy and strategy; cyber culture and society; cybersecurity education, training and skills; legal and regulatory frameworks; and standards, organisations and technologies. The GCSCC and its strategic international partners have deployed the CMM in more than 80 countries around the world since its pilot in Kosovo in 2015.

“We congratulate the government of Kosovo on the advances in the cybersecurity capacity since 2015,” says Michael Goldsmith, co-director of the GCSCC. “The 2015 CMM review and the 2029 CMM re-assessment – the first conducted globally – have broadly coincided with the beginning and end of the life cycle of the first National Cybersecurity Strategy. As such, the second CMM review provided a great opportunity to assess progress against a robust baseline and map out priorities for a successor strategy.”

Unlike many news and information platforms, Emerging Europe is free to read, and always will be. There is no paywall here. We are independent, not affiliated with nor representing any political party or business organisation. We want the very best for emerging Europe, nothing more, nothing less. Your support will help us continue to spread the word about this amazing region.

You can contribute here. Thank you.

emerging europe support independent journalism