CMM Review Republic of North Macedonia (as part of the Global Cybersecurity Capacity Program I)

Suggest a page edit


In collaboration with the World Bank (WB) and the Ministry of Information Society and Administration, the GCSCC undertook a review assessment of the maturity of cybersecurity capacity in the Republic of North Macedonia at the invitation of the Ministry of Information Society and Administration (MISA).



The objective of this review was to enable the Republic of North Macedonia to gain an understanding of its cybersecurity capacity in order to develop the country’s national cybersecurity strategy, and to strategically prioritise investment in cybersecurity capacities.


The Global Cyber Security Capacity Centre (GCSCC) conducts research to understand and identify trends in cybersecurity, to help the world prepare and respond to cyber threats. Together with a global multistakeholder community with expertise in cybersecurity capacity building, the Centre has developed a model that helps countries self-assess and identify their strengths and needs for their cybersecurity maturity. The Cybersecurity Capacity Maturity Model (CMM), which was last revised in 2021, considers cybersecurity maturity to comprise five dimensions which together constitute a wide breadth of national capacity that a country requires to be effective in delivering cybersecurity resilience. Dimension 1 looks at the country’s ability to develop and implement cybersecurity policies and strategy. Dimension 2 looks at culture and societal elements that affect public understanding and their ability to protect themselves in the cyberspace. Dimension 3 looks at the initiatives by different stakeholders in driving cybersecurity awareness among users. Dimension 4 looks at the capacity of countries to prosecute cybercrime and Dimension 5 looks at the availability of protective technologies and standards

The GCSCC’s support to a CMM in the Republic of  North Macedonia was funded by the United Kingdom, Korea-World Bank Group Partnership Facility (KWPF) under its Global Cybersecurity Capacity Program.


After the CMM’s findings, the government took several steps to increase its cybersecurity maturity; for instance a working group was created, followed by North Macedonia’s first National Cybersecurity Strategy which was finally adopted by the government in July 2018. In addition, a multi-stakeholder, inter-agency coalition was formed, bringing together the Ministries of Information Society and Administration, Defence and Interior.

Around 70% of the CMM recommendations were incorporated into their National Cybersecurity Strategy (adopted July 2018); the remaining recommendations were planned to become part of the follow-up Action Plan for 2018–22.

Training on electronic evidence provided by the Academy for Judges and Public Prosecutors of Macedonia was shown to be in place, although the capacity of prosecutors and judges to handle cybercrime cases, and cases involving digital evidence, was considered by review participants to be limited and ad-hoc.

North Macedonia launched an awareness-raising campaign in October 2018 to conduct promotional activities related to cybersecurity and to create educational resources for distribution via different media channels.


The CMM report was completed in 2018.

A summary of the CMM’s findings and information on follow-on action was included in the World Bank’s report ‘Global Cybersecurity Capacity Program: Lessons Learned and Recommendations Towards Strengthening the Program’.

In addition, the World Bank financed a cybersecurity awareness video to help spread information among the general public about the importance of cybersecurity for every citizen.

The CMM assessment process facilitated the formation of the National Cybersecurity Working Group consisting of the Ministry of Information Society and Administration, Ministry of Interior, and Ministry of Defense, and which is supported by national MKD-CIRT team.

Finally, the CMM assessment significantly presented the National Cybersecurity Strategy 2018-2022.


The in-country assessment review according to the CMM methodology was conducted from 30 January – 1 February 2018. The cybersecurity capacity review was conducted by the GCSCC in cooperation with the World Bank. The assessment was hosted by the MISA jointly with the Ministry of Defense and the Ministry of Interior. Within the review, a roundtable including the following actors took place: public sector entities, criminal justice sector, finance sector, technology and telecommunications sector, critical infrastructure owners, academia, pprofessional societies/non-governmental organizations (NGOs) as well as representatives from the international community.

The World Bank also facilitated, in cooperation with the MISA and the Global Cybersecurity Center for Development (GCCD) of Korea Internet & Security Agency (KISA), a capacity-building workshop in Skopje on 2-3 April 2018. The main focus of the workshop was the National Cybersecurity Policy and Framework & National CERT/CSIRT Operation.


Microsoft Word – CMM_FYROM_Report_final_13 August2018_2.docx (

Other website links

Promoting Cybersecurity in FYR Macedonia (

North Macedonia | Global Cyber Security Capacity Centre (

World Bank Document

The Cybil project repository is being continuously updated, and the information it contains is either publicly available, or consent for publication was given by the owner. Please contact the portal manager with any additional information or corrections. Whilst every reasonable effort is made to keep the content of this inventory accurate and up to date, no warranty or representation of any kind, express or implied, is made in relation to the accuracy, completeness or adequacy of the information contained in these pages.