Slovakia lags behind in the new European cybersecurity index EU CSI, especially in computer crime. A panel of representatives from the police, the national CERT, expert witnesses, and lawyers identified the reasons: weak reporting, a shortage of specialists, procedural obstacles, and pressure on expert witnesses. They also looked for practical ways to increase the chances of effective investigation.
Why cybercrime ends up at the bottom of the statistics
The EU CSI index evaluates multiple attributes – from linking incidents to criminal offenses, through victim reporting, to the ability to investigate. The discussion noted that part of the problem is “paperwork”: what gets into the statistics and how. The key, however, is people and processes. After the amendment to the Criminal Code, a large share of cases is handled by district precincts, which do not always have specialists, which, according to the panelists, reduces both the quality and speed of proceedings.
Victims often do not report the attack out of concern for reputation, from the belief that nothing will be resolved anyway, or simply because they do not realize they are victims. Criminal proceedings are also formalized, and threshold amounts in online fraud deter filing. In cross-border cases, mutual legal assistance to other states also lengthens timelines. There was also a dispute over whether cases at the district level are sometimes reclassified as “more familiar” offenses (e.g., fraud), which would distort the picture of cybercrime.
Evidence, expert witnesses, and investigative bottlenecks
Digital evidence is time-sensitive: it needs to be secured quickly, preserved, and processed forensically. In practice, a large part of the evidentiary burden falls on expert witnesses, but there are few of them and demand is growing faster than capacity. The discussants also raised the issue of motivation and independence – fees for expert opinions in criminal cases are low, and there is a debate over whether the forensic science institute should operate outside police structures.
Retention of traces by operators is also a problem: logs and other data do not always exist or last long enough. Operators of essential services do have a statutory duty to report incidents and preserve traces, but reality varies. The national CERT advises victims on how to proceed and what to preserve, but it does not investigate incidents; in larger cases it can alert the “right” police specialists, which, however, does not replace a systemic solution.
Ways to improve: report, train, coordinate
The panel agreed on several steps: simplify reporting (e.g., with a hub featuring forms), strengthen methodological management and cooperation among units, and build specialized teams. The police have launched training with the national CERT, and there is talk of a Department of Cybercrime at Akadémii PZ; the need for an interdepartmental working group was also voiced. Key will be to increase the number of expert witnesses and open the door for them in new fields, along with adjustments that speed up obtaining the necessary data.
Practically: report the incident as soon as possible, do not delete anything and do not reset devices, preserve logs and note down times, amounts, communications, and addresses. Operators should have retention policies and internal procedures in place so they can secure traces in time. Investigating cybercrime is difficult and does not always lead to identifying the perpetrator, but without reports, evidence, and trained people, the chances of success will not improve. Despite the problems, the discussants were cautious optimists: changes are underway and can work if they can be maintained and networked.
