ZAGREB, 16 May (Hina) - Investment in cyber security in Croatia remains low compared with other EU members, which is partly attributed to the country's level of economic development, and needs to be significantly increased across both the public and private sectors, it was said at the Alert cyber security conference.
The conference was organised by the IT company Asee Croatia.
Asee (Solutions) Croatia, along with two of its affiliated companies, is one of the leading IT firms in the country, employing around 600 people. It is part of the Asee Group, headquartered in Poland, which employs some 50,000 people globally.
This fourth edition of the Alert conference brought together around 200 participants from various sectors, mainly finance, to discuss a range of topics with a focus on risk management and cyber security.
Cyber security investment should match defence spending
Viktor Olujić, a member of Asee Croatia's management board, said the simplest and possibly most effective message would be that investment in cyber security at the national level should amount to about 3% of GDP - in line with the NATO principle for defence spending.
Among the sectors most exposed to cyberattacks and in need of strong cyber protection, he singled out banks and other financial institutions. Banks, he noted, already invest the most in cyber security and are also subject to strict regulations.
Transport is another highly vulnerable sector and should be more systematically covered by such solutions, particularly in the national railway system, as well as road and other transport companies and systems, the conference heard.
"Cyber security cannot be separated from the digital world, and to be able to use digital services, we must invest in their safe use - increasingly also with regard to artificial intelligence," Olujić said.
He also commented on the growing prevalence of hybrid warfare, including the misuse of various types of data and information, which can result in widespread outages of electricity, water supplies and other critical services.
In this context, he stressed the importance of being cautious about the source of AI-related equipment and systems - not only for private businesses, but also the state.
More attention needed for youth and vulnerable groups
Olujić and Asee Croatia CEO Igor Gržalja also warned that insufficient attention is being paid to protecting the most vulnerable, such as children below primary school age and the elderly - both of whom use the internet and are part of the digital world.
They said there is little systemic effort to educate and protect these groups, with most of it left to families.
They called for greater engagement and measures on the part of the state, particularly in education, as young people today need clearer and more targeted information and training - different from what was provided in the past.
"It's important for young people to become aware of and understand what lies behind mobile and other digital devices - the technologies involved and the risks - and to learn to be careful about when and to whom they send personal data and other sensitive information," Olujić said.
"In the event of a cyberattack or similar incident, new generations tend to assume that someone else - the police or some authority - will protect them, as if it doesn't concern them personally. But that won't be enough, given the frequency and sophistication of attacks, and the country's inadequate systems in this area," he added.
Banks ready to implement DORA regulation
Speaking about the banking system and the implementation of cyber security solutions, Croatian National Bank (HNB) adviser Mario Kozina addressed the full application of the EU Digital Operational Resilience Act (DORA) since 17 January this year.
"This is a complex regulation that entered into force in 2023, and now, after two years of preparation, we can say that banks in Croatia are ready for its implementation. Despite the risks and exposure, they have developed the necessary protective measures," Kozina said.
He added that the regulation harmonises various requirements and laws related to risk management across EU member states and aims to raise the level of digital resilience.
Kozina also pointed out that banks are increasingly being targeted by cyberattacks involving artificial intelligence, which the regulation also addresses. He noted that education, workshops and similar activities remain necessary to ensure all sectors are familiar with DORA and know how to apply it effectively.
