Skip to content

Cybersecurity in BiH –  Still a Long Way to Go


Cybersecurity has emerged as a pressing global issue, transcending geographical boundaries and affecting individuals, organizations, and nations worldwide. In our interconnected digital age, the proliferation of cyber threats such as hacking, data breaches, and ransomware attacks poses significant risks to the stability and security of nations’ critical infrastructure, economies, and personal privacy.

The importance of robust cybersecurity measures has never been greater, as governments, businesses, and individuals grapple with the escalating frequency and sophistication of cyberattacks, necessitating global cooperation and concerted efforts to safeguard our digital ecosystem.

Cybersecurity in the Balkans presents a complex landscape, with countries such as Albania, Bosnia and Herzegovina, Kosovo, Montenegro, North Macedonia and Serbia facing unique challenges in protecting their digital infrastructure from cyber threats.

The published policy brief will give more insight into the situation in this field in BiH, stating out the current and past developments, as well as offering recommendations and identifying threats different actors are facing.

Despite the rising global cyber-attack rates, Bosnia and Herzegovina still lacks a cybersecurity strategy, although some strategies at various levels in BiH partially deal with the cybersecurity issue. BiH is the only country in the Western Balkans without such measures for combating cyberspace threats. The European Commission noted the lack of a comprehensive strategic approach as early as 2016, stating that Bosnia and Herzegovina’s response to cyber security threats was inadequate.

There is no official data on the number and type of cyberattacks. Unofficial information indicate that BiH’s cyberattacks have increased by 1300 times weekly. Out of 68 institutions of BiH, 24 institutions of BiH had recorded cyber-attacks.

There is a significant delay in establishing the CERT for BiH institutions in relation to the defined deadline. It was only in May 2023, six years after the initial decision of the Council of Ministers, that the conditions for establishing that body were met, although several other CERT teams function at the entity and institutional level.

As of now, the academic Cyber Security Excellence Centre is the only functional and operational CERT covering BiH territory, dealing in threat analytics, information sharing, incident response and giving advice and support.

Between November 17 and December 17 last year, Bosnia and Herzegovina faced over 9.2 million cyber threats, mainly DDoS attacks. The vulnerability of citizens, businesses, and crucial sectors like law, economy, energy, health, and education to cyberattacks was highlighted in the recent audit report by the Audit Office of Institutions in Bosnia and Herzegovina.

As a result of the postponement, there is yet no guarantee for a synchronized strategy in handling cyber breaches. The lack of legislation and strategic framework, inadequate coordination and the lack of awareness across the whole society renders BiH society open to cyber threats and block both proactive and reactive cybersecurity measures from being implemented across Bosnia and Herzegovina’s institutions.

NATO representatives and experts are increasingly worried about the susceptibility of Western Balkan nations, Bosnia and Herzegovina included, to cyber threats, particularly those targeting crucial systems, originating from nations such as Russia.

To overcome the issues, BiH should develop Cybersecurity Strategy, establish CERT for BiH institutions, work on facilitating and promoting public-private partnerships, work on regional and international cooperation, invest in IT infrastructure and implement an awareness campaign on the importance of cybersecurity at all levels of the society.

More on this issue you can read in the publication “Cybersecurity in BiH – Progress, Potential and Unfinished Business”.