Ransomware and its recent manifestations in medical and manufacturing facilities are only an accompanying phenomenon. Threats to cyber security are not taken seriously enough even after 7 years of cyber law. So should we deal with problems such as ransomware, data leaks, service interruptions or unavailability of resources reconsile only and address the impacts? Or security is something that the state administration can offer to citizens, but also to companies as a service, as a competitive advantage. On the contrary, how can the state administration use the experience and experts from the commercial environment?