IGNITE SESSION: How has the audit changed the perception of cybersecurity?
For most operators of essential services (PZS), 2023 is the year of repeat cybersecurity (KB) audits. How has the state of compliance changed by sector and sub-sector in the individual categories of measures? Have the typical audit findings changed? Were the cybersecurity implementation projects successful? What is the outlook for the state of cybersecurity over the next few years?
Cybersecurity in Slovakia is improving, but fundamental weaknesses persist. Data from NBÚ audits show progress compared to 2021, but differences between sectors are pronounced. Today, the main drivers of change are not the threat of fines, but real incidents and systematic risk analyses.
The most reliable data on the state of cybersecurity come from the anonymized results of audits by the National Security Authority (NBÚ). After the law was introduced (2018) and audits got underway (from 2020), a noticeable improvement can be seen between 2021 and 2022/2023, on the order of tens of percentage points. The baseline level in 2021 was around 42 %, which suggests that many organizations were only halfway to the required standards. Another wave of audits is underway this year to confirm the trend.
Over the long term, the best performers are highly regulated, trust-dependent sectors: banking, energy, and electronic communications. By contrast, public administration, healthcare, and parts of industry lag behind, especially where obligations have yet to take effect or there is no business pressure for continuous availability. The differences mirror the degree of regulation and how directly security is tied to the business.
What NBÚ audits revealed