Security for NGO and Development Sector Workers | CloseProtectionHire

Security management for NGO and development sector workers is a distinct operational discipline shaped by humanitarian principles, donor requirements, legal duty of care, and the specific threat profiles of the environments where humanitarian programmes operate.

The Aid Worker Security Database (AWSD) recorded 484 incidents of violence against humanitarian workers in 2023, resulting in 116 killed, 94 seriously injured, and 148 kidnapped (AWSD Annual Report 2024). These figures represent a near-continuous escalation over the preceding decade. The majority of incidents – consistently around 80% – affect national staff rather than international employees.

The Organisational Security Framework

A security risk management system for an NGO operating in a high-risk environment requires four components that individual HEAT training cannot substitute for.

Threat and risk assessment. Systematic analysis of threats in the operating context: who is present, what their objectives are, what their capacity is, and what the probability and impact of different incident types would be. This is not a one-time pre-deployment exercise – the threat environment in most P1 city and conflict-adjacent operating areas changes frequently enough to require ongoing monitoring and regular reassessment. Inputs include UNDSS country security briefings (available to SLT participants), Control Risks country reports, OSAC Industry Council reports, Humanitarian Outcomes’ insecurity insight project, and local intelligence networks.

Security protocols. Documented operational procedures that give staff clear guidance on movement restrictions, communications requirements, vehicle security, accommodation standards, checkpoint procedure, and incident response. Protocols that exist only in a head office policy document and have not been briefed, rehearsed, and internalised by in-country staff do not function under pressure.

Incident reporting and management. A system for recording, analysing, and acting on security incidents at programme level and sharing relevant information with the wider humanitarian community through mechanisms such as Saving Lives Together. Incident data that sits in a country office without analysis and without influencing protocols is wasted intelligence.

Medical evacuation and critical incident management. Pre-contracted medical evacuation capability, documented medical information for all deployed staff, a critical incident management team with clearly assigned roles, and a communications protocol with headquarters. The difference between a survivable and a fatal incident frequently comes down to the speed of medical response. International SOS, Global Rescue, and Healix International all provide medevac services with NGO-specific contract arrangements.

Saving Lives Together

The Saving Lives Together framework, managed through OCHA, provides the interagency infrastructure for security collaboration in complex environments.

Participating NGOs gain access to:

• UNDSS country security briefings and alert notifications
• Shared incident databases maintained by the UN security management system
• Joint security assessments and area coordination
• Coordinated emergency communications and search-and-rescue protocols

Participation requires the organisation to appoint a security focal point, maintain a minimum standard of internal security management, and contribute information as well as consume it. SLT is not a security outsourcing arrangement – it is a force-multiplier for organisations that already have their own security management capacity.

The NGO Safety and Security Association and the Global Interagency Security Forum (GISF) both maintain resources on SLT participation and security management standards for the humanitarian sector.

Acceptance as a Security Strategy

In many humanitarian operating contexts, traditional security measures – physical hardening, armed escorts, access control – are either unavailable, inappropriate, or counterproductive. An armed escort in a community that perceives all armed actors as threats may increase, not decrease, the risk facing the programme.

Acceptance is an active security posture: the organisation’s security rests on being recognised as a neutral, impartial humanitarian actor whose presence benefits the community. Maintaining this acceptance requires:

• Consistent and transparent communication of the organisation’s mandate and activities
• Active relationship management with community leaders, armed actors, and other stakeholders
• Rapid and credible response when actions by the organisation or individual staff members compromise the acceptance position
• Clear differentiation from actors – government, military, other NGOs – whose activities or associations may create targeting risk

Acceptance does not mean operating without security measures. It means calibrating the security approach to the operating context and ensuring that security measures reinforce rather than undermine the acceptance position. The GISF Acceptance as a Security Strategy guidance (2017, updated 2022) provides the operational framework.

Close Protection for Senior Staff and Field Visits

Country directors, regional directors, and senior technical staff conducting field visits in kidnap-active environments are candidates for close protection when the general threat environment and their specific profile create a risk level that exceeds what programme security measures manage.

The Aid Worker Security Database shows that kidnap-for-ransom is disproportionately concentrated at management level: country directors and programme managers are taken for perceived value (both financial and as instruments of leverage against donor governments or headquarters organisations) at rates significantly above field staff. Senior staff field visits to remote programme areas should involve advance work, vetted transport, and clear communication protocols with a security focal point.

Close protection for humanitarian staff operates differently from executive protection. The environment is often one where a visible protection profile creates risk rather than reducing it. A low-profile security driver with area knowledge, pre-advance route assessment, and a communications protocol is often more appropriate than an overt close protection team. The protection operative needs to understand the humanitarian context and the acceptance framework – behaviour that would be routine in executive protection may compromise the programme’s acceptance position.

For field visits to P1 cities specifically, the same advance work methodology that applies to corporate executive travel applies to NGO leadership visits. See our advance work guide for the operational framework.

P1 City Profiles

Nairobi remains one of the highest-risk operating environments for the humanitarian sector in Africa. Al-Shabaab has historically targeted gatherings of international workers; the Westgate Mall attack (September 2013, 67 killed) and the DusitD2 hotel and office complex attack (January 2019, 21 killed) both affected the NGO and development sector community. Vehicle security, accommodation vetting, and movement restriction protocols during periods of elevated alert are operational requirements for all NGO staff.

Lagos presents primarily a criminal threat rather than a political one, but the scale is significant. Armed robbery, vehicle ambush on approach roads to the city, and kidnap-for-ransom affecting NGO staff are documented. The UN Kidnap Response Working Group in Nigeria has documented over 30 NGO staff kidnap incidents in 2020-24. Movement in off-hours, adherence to flagged route restrictions, and clear communication protocols reduce risk without eliminating it.

Karachi has a complex threat landscape including sectarian violence, political conflict, and targeted attacks on development sector organisations perceived as carrying Western or Christian associations. Security advisories from OSAC and the UK FCDO both rate Karachi as requiring heightened precautions. Movement in certain areas of the city, particularly at night, is assessed as unacceptable risk.

For the specific protocols applying to media teams operating in the same environments as humanitarian organisations, see our guide to security for journalists and media in hostile environments. For organisations managing security for high-risk field operations involving critical infrastructure – water, energy, health facilities – see our data centre and critical infrastructure physical security guide. For the specific security and digital threat considerations facing journalists and media teams in the same P1 city environments as NGO field staff – CPJ 2024 data, fixer security obligations, Pegasus spyware risk, and detention protocol – see our security for journalists in hostile environments guide.

Sources: Aid Worker Security Database (AWSD): Annual Report 2024. GISF: Security Risk Management for NGOs 2022. GISF: Acceptance as a Security Strategy (Updated Edition 2022). OCHA: Saving Lives Together Framework 2019. UN Department of Safety and Security (UNDSS): Country Security Briefing Framework. Humanitarian Standards Partnership: Duty of Care Principles 2023. UK FCDO: Safety and Security for NGO Staff Overseas 2024. OSAC: Humanitarian Sector Security Assessment 2024. International SOS Foundation: NGO Duty of Care Benchmarking Report 2023. Control Risks: Humanitarian Security Risk Report 2024.

For security in the post-NGO phase of international operations – specifically the distinct threat profile facing post-conflict reconstruction contractors (residual armed groups, organised crime targeting project supply chains, kidnap risk for international staff, UNDSS MOSS standards, INSO country briefings, and donor compliance requirements from USAID ADS Chapter 490 and FCDO) – see our post-conflict reconstruction security guide.