This article was created by
Radu Serrano, eGA
Share this article!
Cybersecurity in Serbia
This article is powered by eGA’s National Cyber Security Index (NCSI), a global live index, which measures the preparedness of countries to prevent cyber threats and manage cyber incidents. Available at https://ncsi.ega.ee/, the NCSI is also a database with publicly available evidence materials and a tool for national cybersecurity capacity building.
Serbia demonstrates a high, equalising level of responsive and preventive cybersecurity, followed by a slight decrease in emphasis on strategic cybersecurity. Cybersecurity development slightly transcends its digital development, providing important confidence in the overarching digital transformation process.
Strategic cybersecurity
Serbia’s cybersecurity policy appears to be well established. There are clear indications of high-level cybersecurity leadership and policy coordination, with a corresponding strategy until 2026. However, the corresponding action plan for these last years of the national strategy remains elusive.
The country excels in education and professional development, demonstrating its commitment to cybersecurity in primary, secondary and tertiary education. Nevertheless, there is a lack of information on associations for cybersecurity professionals.
In addition to its national endeavours, Serbia maintains international cyber diplomacy engagements. However, its commitment to international law in cyberspace and contributions to international capacity building are not clear. Unfortunately, cybersecurity research and development are underperforming.
Preventive cybersecurity
Like the rest of the region’s economies, Serbia fulfils all personal data protection indicators with the corresponding legislation and authority. In the same light, it is one of the three countries that fulfils all indicators relative to the cybersecurity of critical and critical information infrastructure.
The Law on Electronic Document, Electronic Identification and Trusted Services in Electronic Business legislates half of the items relative to the cybersecurity of digital enablers, and a specific regulation does the same for secure electronic identification. Public cyber threat reports and awareness resources are made available, but the corresponding entities for threat analysis and awareness-raising coordination seem to be unavailable.
Responsive cybersecurity
Among the region’s economies, Serbia is one of three that fulfils all cyber incident response indicators. Nevertheless, procedural law provisions seem elusive in the fight against cybercrime.
The country has prepared with national civilian exercises, and its existing military cyber defence capacity has done the same with military exercises as part of crisis management and military cyber defence. Nonetheless, the remaining corresponding capacities and documents seem to be missing.
Overall
Serbia demonstrates 72.50% and 96.82% completion rates of eGA’s NCSI and ITU’s 2024 GCI, respectively. This NCSI score surpasses the average of the EGDI and NRI digital development metrics, thus demonstrating that cybersecurity is being considered in the country’s digital transformation process.
Additional references
- E-Government Survey 2024: Accelerating Digital Transformation for Sustainable Development. (2024) United Nations Department of Economic and Social Affairs. https://desapublications.un.org/
- Global Cybersecurity Index, 5th (2024) International Telecommunication Union (ITU). https://www.itu.int/gci
- NCSI | Serbia. (2025) e-Governance Academy (eGA). https://ncsi.ega.ee/country/rs/
- Network Readiness Index 2024: Building a Digital Tomorrow: Public-Private Partnerships for Digital Readiness. (2024) Portulans Institute. http://www.networkreadinessindex.org
Disclaimer: This article was written in May 2025, with the data available at that time in the NCSI. If you believe the current NCSI information is wrong or outdated, please contact us at and send us your comments, questions and any updated data.
