Open search
Accessibility

Keeping people at the centre of cybersecurity

News

Written by Rica Williams, Senior Expert at eGA

Imagine what would happen if a country’s defence was only as strong as the password of its least-trained official. While this is an exaggeration, it contains a sobering pinch of truth.

As we look back at the cyber threat landscape of 2024 and 2025, a clear trend has emerged: while software grows more sophisticated, the human factor remains the most targeted vulnerability. In fact, according to the Estonian Information System Authority (RIA) 2025 yearbook, the vast majority of cyber incidents are still rooted in human error.

Cyber hygiene has moved beyond the remit of IT departments and dedicated cyber organisations such as CSIRTs (computer security incident response teams) and CERTs (computer emergency response teams).

It is now a critical pillar of national resilience and social well-being. With the rise of AI-driven phishing and automated social engineering, a single compromised account can lead to large-scale data breaches or service interruptions.

Governments must prioritise the “human firewall”because technical solutions alone cannot keep pace with the number of intrusions that start with a simple phishing link or scam scheme message.

Local context key in awareness activities

While trends in “human-driven” incidents are largely the same across the globe, there are nuances that require local knowledge to inform communication or capacity-building activities. This is where local intelligence and data-driven decision-making truly come into play.

If a country has a reliable system for incident reporting and data collection across institutions and sectors – rather than focusing solely on critical infrastructure – awareness-raising activities become far more effective.

For example, while promoting strong passwords and the use of multi-factor authentication (MFA) is a basic principle of cyber hygiene, campaigns that address specific, emerging scams or phishing attacks tend to gain more attention.

These attract more interest and are therefore more likely to achieve the end goal: changing user behaviour. In these cases, individuals are more likely to enable two-factor authentication or carefully check the URL of links sent to them.

A great example comes from Moldova, through the Moldova Cybersecurity Rapid Assistance 2.0project. The cyber crime unit of the national police identified a rapidly growing investment scam, with both the number of incidents and financial losses increasing at an alarming pace.

A wide-angle view on digital safety

Taking a broad view of cybersecurity awareness is key to resilience. The definition of “online safety” has expanded beyond technical threats to include wider societal risks such as:

  • Human trafficking: Many cases of human trafficking begin online, with digital malpractice contributing to the recruitment and exploitation of victims, as analysed by ASTRA Anti Trafficking Action(Serbia).
  • Information integrity:Awareness activities in Moldova have included identifying mis- and disinformation, as well as AI-generated deepfakes. Supporting journalism that uncovers misinformation is now a vital part of cyber hygiene.

All these initiatives address the “why,” openly pointing out the consequences of poor online hygiene. The European Digital Competence Framework (DigiComp 2.2) highlights that online safety is no longer just a technical skill but a blend of knowledge, skills and attitudes.In an AI-shaped world, citizens must develop a sense of healthy scepticism.

According to the report State of the Digital Decade 2025, online safety (cybersecurity) remains one of the weakest digital competence areas, with only around two-thirds of the European population possessing basic safety skills. While 32.7% have already used generative AI, far fewer understand its associated risks.

Cybersecurity awareness is as much a social challenge as a technical field. Our goal is to ensure that as technology evolves, people remain the strongest link in the chain.

Recommendations for governments

To educate a population effectively, governments should consider:

  • Data-driven decisions:Clear governance models that coordinate awareness-raising efforts.
  • Contextual learning:Moving beyond generic advice to industry-specific training.
  • Addressing AI:Training users to identify deepfakes and AI-generated phishing.
  • Large-scale campaigns:Treating cyber hygiene with the same urgency as public health.
  • Multiple partners:Engaging CSOs, NGOs and universities through grant schemes.

“Stop Fake Investments!” campaign in Moldova

In Moldova, the urgent need for a “human firewall” was underscored by a sharp rise in sophisticated online fraud. Banking crimes increased from 73 million lei (about €3.5 million) in 2024 to over 211 million lei (about €10.1 million) in the first nine months of 2025 alone.

This alarming triple-digit increase in damages prompted the national police to launch the “Stop Fake Investments!” (Stop Investițiilor False!) campaign in October 2025 together with eGA. By issuing public warnings (featuring local influencers) and exposing scammers’ tactics, the four-week social media campaign delivered significant impact:

  • Reach: 513,725 people connected
  • Engagement: Over 1.1 million impressions
  • Media coverage: Nine TV channels and 35 articles in local media

Through the campaign, the cyber crime unit shifted from reactive policing to a proactive digital hygiene, engaging the public through leaflets, press conferences and direct outreach.

➡️ Listen to the episode on cyber hygiene awareness initiatives in Moldova: https://ega.ee/podcast-blog-cyber-safety-public-good-moldova/

Targeted actions in the Western Balkans via KnowCyber grants

Similar examples of targeted awareness activities can be found among KnowCyber grantees in the Western Balkans (Albania, Bosnia and Herzegovina, Kosovo, Montenegro and North Macedonia). Here, NGOs designed activities relevant to specific audiences, ranging from students and teachers to SMEs and media organisations.

Low levels of cybersecurity knowledge among SMEs require urgent attention, as SMEs constitute the majority of many economies.

As part of the Cyber Balkans project (funded by the EU and implemented by eGA), several insights emerged:

  • Albania:A survey by the Independent Forum for the Albanian Woman found that over 70% of SMEs lacked formal cybersecurity policies and 80% had no training.
  • Montenegro:A survey by the NGO Secure revealed that 76.5% of SME respondents were unfamiliar with the concept of cyber hygiene.

Key projects

Moldova Cybersecurity Rapid Assistance 2.0

Building on the successes of Cybersecurity Rapid Assistance 1.0, version 2.0 of the project strengthened Moldova’s cybersecurity by increasing the cyber-resilience of public sector organisations and critical infrastructure sectors.

➡️ Learn more: https://ega.ee/project/moldova-cybersecurity-rapid-assistance-2/

Cyber Balkans

This project aims to strengthen cyber resilience in the Western Balkans by enhancing cybersecurity prevention, preparedness and response among public and private stakeholders in Albania, Bosnia and Herzegovina, Kosovo, Montenegro, North Macedonia and Serbia, aligned with EU standards and best practices.

➡️ Learn more: https://ega.ee/project/cyberbalkans/

Cybersecurity

Cyber Balkans

Finished
Albania
Bosnia and Herzegovina
Kosovo
Montenegro
North Macedonia
Serbia

Moldova Cybersecurity Rapid Assistance 2.0

Finished
Moldova

e-Governance Academy Foundation – eGA

General contact
Client relations & partnerships 
Press inquiries
Address
Ahtri 6, 10151, Tallinn, Estonia
eGA logo
logoegov
NCSI logo
Tallinn Cyber Diplomacy Summer School logo white
KonwCyber
logo-iso-9001

2026 © All rights reserved.