Aktuálna informácia o stave kybernetickej bezpečnosti v SR

Slovakia is gradually improving in cybersecurity, but there are large differences between sectors. The scope of obligated entities will expand and more precise metrics will be introduced. The goal is to make decisions based on data, not impressions.

How we measure cybersecurity

We collect data from four sources: from operators of essential services (anonymized data from audits under Act 69/2018), from unregulated entities (surveys), from the public, and from educational institutions with programs in the field of information asset protection. We consider a situation "not OK" when the share of partial nonconformities and nonconformities exceeds 50%; the optimum is 70% or more. Year-on-year, we see growth in the compliance rate: 2021 – 42%, 2022 – 57%, 2023 – 68%. It should be noted, however, that the sample changes because audits take place every two years, and two-year intervals are therefore more comparable.

Sectors: who leads and who lags

Banking is almost "safe" and has been fine-tuning details over the long term. Energy carried the burden of vendor lock-in and legacy systems, but became the year's standout improver: compliance rose from 69% to 81%. Healthcare acts within its possibilities, but results fluctuate depending on whether it secures funding for basic or larger measures. Public administration lags behind and, in the current year, together with healthcare, remained below 50%.

In terms of improvement, manufacturing is also notable, going from roughly 42% to 78%. Other sectors are moving forward as well, though not at the same pace. The statistics therefore need context: these are in fact different samples and varying starting levels. The trajectory, however, is positive, and with a larger number of assessed entities the picture will be more accurate.

More regulated entities and new indices

The economy is made up 99% of small and medium-sized enterprises, but the new rules for identifying obligated entities will be based on number of employees, turnover, and balance sheet total. Thus, regulation will mainly cover medium and large entities plus municipalities; the median municipality size is 669 inhabitants and roughly a thousand municipalities will become obligated entities. Together with state administration and local self-government, the estimate comes to approximately 5,000 obligated entities. This will bring more accurate and more representative statistics.

Implementation of the Cybersecurity Action Plan is currently at 53%, 47% of tasks remain unfulfilled, and there is little time left until the end of the 2021–2025 period. Since the "rate of compliance" alone is not sufficient, a national cybersecurity index is being prepared in cooperation with the NBÚ Institute of Security Studies, with the aim of completing it by the end of the year. At the European level, ENISA will publish new values of the European Index in the coming weeks. Security management will thus be able to rely more firmly on comparable and real data.

Download presentation (353kB)

Current Information on the State of Cybersecurity in the Country

How we measure cybersecurity

Sectors: who leads and who lags

More regulated entities and new indices

Ivan Makatura

Current Information on the State of Cybersecurity in the Country

How we measure cybersecurity

Sectors: who leads and who lags

More regulated entities and new indices

Ivan Makatura

Páčil sa ti článok? Zdieľaj ho a povedz o ňom aj ostatným