Digital resilience in the age of AI is a moral and organisational stress test for NGOs

Because in the end, everything we are trying to protect comes back to human beings.

This afternoon I joined a session on cybersecurity and resilience for NGOs at HSD Security Delta Campus in The Hague. A valuable and well-facilitated conversation on how digital safety has become a full systems question. It touches governance, human behaviour, values, power and design choices. Tools and protocols matter, but without a broader resilience strategy they are not enough.

The speakers made this complexity tangible. Daan Rijnders set the frame of digital peace for societal organisations, in the context of the municipality of The Hague. Which is a terrific case study in terms of complexity, because many international stakes are being handled there, for instance when world leaders gather on a tiny plot of land, and safety is of the essence. Jim Boevink from the CyberPeace Institute highlighted the growing vulnerabilities of NGOs, including resource constraints. Data security costs money and 'someone' (you can almost hear the fundraiser cry out 'SOMEONE?') has to carry that responsibility. And Marc Lenz from ObjectivEye showed how everyday digital systems can unintentionally create exclusion, opacity and risk, but at the same time sift out HR-mismatches (that can prove to be quite costly).

What's clear is that digital threats are not only about incidents, but rather algorithmic decision-making, dependency on invisible infrastructures and declining transparency in how choices are made. These are strategic issues for NGOs working with vulnerable groups and sensitive data. Data breach for these organisations sometimes means direct harm to human beings. Their personal safety.

In many organisations, resilience only appears on the agenda after something goes wrong. Then the question is: why didn't we prepare for this? We have fire drills. Sometimes data breach protocols. But structural resilience is postponed to "later", which often turns out to be too late. Especially in smaller NGOs, where one person may carry IT, data management and several other roles at once.

I was reminded of a moment in 2021 when I suggested developing a contingency plan for a damaged international internet cable. The response was: "Stick to your daily expertise, Jojanneke, how is digital content coming along?". That response captures the problem exactly. Resilience is treated as something outside daily work, when it actually belongs at its core.

Digital resilience requires shared responsibility for questions like:

• what dependencies are we building into our organisation
• which platforms and assumptions shape our systems
• who do we entrust our information to
• what happens to people if a breach occurs
• who decides when technology fails
• which values remain intact under pressure

And perhaps the most uncomfortable one. How much of our humanity are we preserving inside the technological structures we are building?

One of the strongest shifts in today's session was from cybersecurity to algorithmic security. From defence to direction. From reacting to threats to consciously shaping a digital reality that supports rather than undermines an organisation's mission. For example in recruitment, data governance and funding priorities for digital safety.

For me, this confirms that resilience is not an individual skill and not a separate policy track. It is a systemic quality that touches personal resilience, organisational culture, technology, sociology and politics at the same time.

Resilience should be everyone's concern. Not only when things become urgent, but long before they do. If you don't want to fall through the cracks tomorrow, today is the best moment to start navigating.

This connects also to the work I do together with Josje van Beek Consultancy BV in our in-company workshop Flow and Resilience in the Age of AI. We guide teams in having structured conversations about AI, roles in the workplace and the tension between technology, human functioning and organisational culture. No hype or fear mongering. Just radical clarity and shared responsibility.

If we talk about digital peace today, we must also talk about daily work practices, decision-making and mental space.

I am curious about your experience. Where does the tension between technology and mission show up most clearly in your daily work? And in what ways is resilience still something for "later", when it actually belongs in everyday work, tech and leadership?

That conversation may be just as important as the next tool we decide to adopt.