This article was created by
Radu Serrano, eGA
Share this article!
Regional Outlook of the WB6
This article is powered by eGA’s National Cyber Security Index (NCSI), a global live index which measures the preparedness of countries to prevent cyber threats and manage cyber incidents. Available at https://ncsi.ega.ee/, the NCSI is also a database with publicly available evidence materials and a tool for national cyber security capacity building.
The WB6 region demonstrates a high focus on responsive cybersecurity, followed by a slightly decreasing emphasis on preventive and strategic cybersecurity. Regionally, research and development, and crisis management are the lowest-scoring capacities that require a somewhat urgent improvement. The top three scoring capacities, in descending order, are: personal data protection, combating cybercrime, and incident response. In the mid-ranges, we can find the global contributions, education and professional development, the cybersecurity of CII and of digital enablers, and cybersecurity policy.
Albania
Albania exceeds the regional scores in all three cybersecurity categories. In terms of the twelve capacities, it is the only economy in the region that scores full marks in half of them. Nevertheless, research and development remain under the regional average, and there might be room for improvement in the protection of digital enablers and the fight against cybercrime, given that its national scores are close to the regional ones.
For more in-depth information about Albania, please visit the following article.
Bosnia and Herzegovina
Bosnia and Herzegovina underperforms in the cybersecurity categories compared to regional averages, possibly due to its corresponding governance and administrative structure. This also translates to a third of the capacities, with an urgent focus needed on cybersecurity policy, the protection of CII, incident response, and crisis management. Nevertheless, it scores top marks in personal data protection and the fight against cybercrime. Additionally, it is the only economy in the region with evidence of research and development efforts.
For more in-depth information about Bosnia and Herzegovina, please visit the following article.
Kosovo(*)
Kosovo underperforms in cybersecurity categories compared to regional averages. The capacities with dire need of attention include crisis management and research and development, at the national level, and global contributions, at the regional or international level (which might be affected by the lack of homogeneous international recognition). Incident response and the protection of digital enablers exceed the regional average, while personal data protection is fully marked.
For more in-depth information about Kosovo(*), please visit the following article.
Montenegro
Montenegro’s responsive and preventive cybersecurity scores exceed the regional average, while its strategic score is exceptionally close to that of its regional counterparts. A third of its capacities (i.e., global contributions, protection of CII, and of personal data, and incident response) are fully maxed out, while education and professional development, threat awareness, crisis management, military cyberdefense, and research and development are below the regional average. The capacities used in the fight against cybercrime are on par with the region’s, and the protection of digital enablers exceeds them.
For more in-depth information about Montenegro, please visit the following article.
North Macedonia
North Macedonia’s responsive and strategic cybersecurity scores exceed the regional average, while the preventive score is a bit distant from its regional counterparts. Specifically, in terms of capacities, only military cyberdefence, the protection of CII, and research and development underperform compared to the regional averages. It scores top marks in the fight against cybercrime and personal data protection, and much better that the regional scores in crisis management, education and professional development and cybersecurity policy.
For more in-depth information about North Macedonia, please visit the following article.
Serbia
Serbia exceeds the regional scores in all three cybersecurity categories. A fourth of its capacities (i.e., protection of CII, and of personal data, and incident response) are fully maxed out. It appears to be underperforming in research and development, as well as in global contributions. However, the rest of the capacities (with the exception of the fight against cybercrime capacities, which are equal to the regional values) exceed the region’s average scores.
For more in-depth information about Serbia, please visit the following article.
Additional references
Additional references:
- NCSI | Albania. (2025) e-Governance Academy (eGA). https://ncsi.ega.ee/country/al/
- NCSI | Bosnia and Herzegovina. (2025) e-Governance Academy (eGA). https://ncsi.ega.ee/country/ba/
- NCSI | Kosovo(*). (2025) e-Governance Academy (eGA). https://ncsi.ega.ee/country/xk/
- NCSI | Montenegro. (2025) e-Governance Academy (eGA). https://ncsi.ega.ee/country/me/
- NCSI | North Macedonia. (2025) e-Governance Academy (eGA). https://ncsi.ega.ee/country/mk/
- NCSI | Serbia. (2025) e-Governance Academy (eGA). https://ncsi.ega.ee/country/rs/
Disclaimer:
(*) This designation is without prejudice to positions on status, and is in line with UNSCR 1244/1999 and the ICJ opinion on the Kosovo declaration of independence.
This article was written in May 2025, with the data available at that time in the NCSI. If you believe the current NCSI information is wrong or outdated, please contact us at and send us your comments, questions and any updated data.
