Cybersecurity in Slovakia is going through a period of tightening regulation and a dynamic increase in threats. Alongside European rules, key Slovak decrees and amendments are being finalized. At the same time, the number of reported incidents is rising and differences between sectors are becoming increasingly visible.
Regulation: what’s changing in the EU and at home
The European Union has been building a comprehensive framework for cyber regulation for several years. In addition to the NIS2 directive, directly binding regulations and implementing acts are being added that strengthen requirements, especially for the digital and financial sectors; the DORA regulation is also coming into force with its implementing provisions. The goal is to increase organizations’ resilience to incidents and unify standards across markets. For digital companies, this means more obligations but also clearer rules.
At the national level, the framework for IT in public administration is being adjusted and decrees on security measures are being prepared. The Cybersecurity Act is also being amended, with implementing decrees prepared in parallel; several have passed the interministerial commenting process and are awaiting incorporation of comments. Practically, this means regulated entities should monitor the legislative process and adjust internal procedures in time. Clarification of categorization and obligations for IT in the public sector is also expected.
Threats: ransomware, APT, and 'turnkey' tools
The evolution of threats is influenced by geopolitics and ongoing conflicts, especially the war in Ukraine. The most serious attacks bear the hallmarks of state-sponsored APT groups, with ties to Russia, China, and North Korea most often cited. Hacktivists are also active, attacking for ideological reasons without proven direct links to states. Ransomware remains a key source of illicit revenue and pressures organizations to increase their preparedness.
The market for hacking tools is becoming further commercialized: on darknet platforms, services such as “ransomware-as-a-service,” ready-made phishing kits, and the rental of DDoS attacks are commonplace. Attackers also use artificial intelligence and their own LLMs to speed up preparations and improve techniques. Alongside purely cyber attacks, hybrid threats and campaigns involving disinformation or hoaxes are also prominent. All this requires coordinating cybersecurity with crisis management and the protection of critical infrastructure.
Incidents and sector readiness
The National Security Authority reports an overall increase in incidents, although the number of “serious” ones is not formally rising, mainly due to the difficulty of quickly classifying them. Compared to 2023, there were 204 more reports; intrusions into systems (including successful phishing) rose by 72 %. Malware incidents increased by 8 %, with ransomware among the most damaging. Phishing remains the most common category, with 660 reports, also an 8 % increase.
Most reports come from public administration, but a positive development is the marked improvement in healthcare: the number of reports increased by 135 % and the sector improved by roughly 16 % in audits. In the compliance rankings, banking traditionally leads, followed by telecommunications and the digital sector, with a notable shift seen in the energy sector. However, the overall weighted average is pulled down by the large number of lower-rated public administration entities, which shows where investment in people, processes, and technologies is most needed.