It's not a trademark and can't be trademarked, it's a common name.
I'd be interested to see an example of a "common name" that can't be a trademark.
Anything can be a trademark, as long as it distinguishes the goods/services of the mark owner from other goods/services of that type in the relevant market.
The letter "O" is a trademark. On sunglasses, it signifies that the sunglasses are made by Oakley. On the magazine rack, it signifies a magazine published by Oprah Winfrey. On an internet retail site, it signifies you are at Overstock.com.
Common words - apple, monster, tide - are all well-known trademarks for computers, energy drinks, and detergent.
Can someone take your .org domain away simply because you are not using it, and for no other reason? No.
Does not using a domain name make it easier for someone to take it if there are other reasons? Yes.
And what I mean by that is in, for example, a UDRP dispute, the complainant must prove three things:
1. The domain name is identical or confusingly similar to a trademark in which the Complainant has rights,
2. The domain name registrant has no legitimate rights or interests in the domain name, and
3. The domain name was registered and used in bad faith in relation to the trademark.
Now, that second criterion "legitimate rights" is generally established by showing that the domain name is being used for some sort of bona fide purpose, which can be a commercial purpose or a non-commercial purpose, so long as it is not an infringing purpose of some kind.
So, here's the thing. Since the Complainant has to prove three things, then there are three ways to win a UDRP if you are the respondent - i.e. by showing that the Complainant has failed to prove one of those things. In cases where the domain name is not being used, then the "legitimate rights" inquiry is a pass, since it is rare to accrue what a UDRP panel would consider to be legitimate rights through use of a domain name that isn't being used. An exception to that would be a situation where you have some other obvious connection with the name, such as if your name is Bob Johnson, and the domain name is BobJohnson.org.
In a situation where the trademark rights - and I'm not talking about the date of filing or registration of a government document, like domainers seem to obsess over - pre-date YOUR registration of the domain name, and the domain name is not being used, then the panel has very little to go on in your favor. If the domain name is close enough to the trademark, is not being used, and was registered after the Complainant established a reputation in the mark, then things aren't looking good for you. In that situation, if there is no use of the domain to point to, then you are going to have to make plausibility arguments based on the relative distinctiveness of the mark and the reputation, or lack thereof, of the Complainant. Obviously, the more distinctive the mark, the less likely that anyone is going to believe the domain name was registered as a result of some kind of coincidence.
In the situation where the domain name pre-dates the trademark rights, then it is usually not possible, absent pre-launch publicity or insider information, to show that the domain name was registered in bad faith.
Domainers frequently manage to shoot themselves in the foot in the most amazing ways.
Some time ago, I had a situation where a domainer came to me with a UDRP. The trademark claimant had started business about four years before the UDRP, but the domainer told me they had the domain name for about fifteen years.
Easy case, right?
Well, here was where things got really weird. I looked at the WHOIS history for the name, and there had been a string of people who had owned the domain name - none of whom were the person I was talking to. In fact, the current registrant of the domain name identified by the registrar was not the person I was talking to.
So, I told him the first thing I was interested in knowing was why he thought this domain name was his in the first place.
He told me that early on, someone had told him never to associate his real name and identity with his domain names so that if there was a legal problem it couldn't be traced to him. So what this guy did was to move all of his domain names through a bunch of fake names and addresses on a regular basis, in order to make it hard to show that any of the domain names were his.
I mean, look, it's bad enough that people use WHOIS privacy, and thus can never prove the domain name was actually theirs by objective data sources, but this guy had spent years actively attempting to make sure nobody could prove his domain names were his, and somehow expected to defend a UDRP on the basis that the domain names were really his all along.
Okay, well, that was the advice he got, and that was the advice he followed. It wouldn't surprise me that it was advice he got from some anonymous person on an internet forum. But it made it impossible to defend his case.
He was really surprised I said that, but I don't know what the expectation was.... "Okay, panel, here's the deal. My client has been lying about who owns this domain name for years, but now he's going to tell you the truth and say that all of those fake identities he was lying about were really him. And, just to be clear, he lied about who he was all of these years because he is a completely well-intentioned guy doing nothing wrong."
Ummm... no. The domain registration agreement with your registrar requires that you provide true and accurate information to them. So, you aren't going to defend a domain name by claiming that you had never been the valid registrant of the domain name in the first place.
But, I digress.... the bottom line here is that "non-use" by itself will not lose a .org domain name (there may be some chartered TLDs which require use). What lack of use will do is to eliminate one of the possible defenses you would have in the event the registration is challenged, and it can make the name difficult to defend. That is especially true if there are other relevant facts - and there are
ALWAYS other relevant facts.