According to research conducted by Legal Week Intelligence and CMS, more than 100 separate cyber incidents were recorded last year affecting 18 CEE countries, yet less than a quarter of these resulted in government or regulatory action.
The report revealed that a grand total of 113 cyber incidents were reported in the CEE region last year. Hungary was one of the jurisdictions with the highest number of incidents reported, with eight reported cases. Only Romania (14) and the Czech Republic (11) recorded a higher number of cyber incidents.
However, 54% of respondents were "very satisfied" with their organizationʼs management and response to the event, with 36% "somewhat satisfied."
"Every CEE country thinks that they are very special and very different, but once you engage in deeper conversations to understand their concrete requirements and concerns, they are not that different," says Andrea Simándi, European data protection attorney at Microsoft. "Cybersecurity has now become a CEO and GC-level issue: it is so important that the leadership and boardrooms of CEE companies realize that cyber threats are for real and require effective measures to protect against. In general terms, the CEE countries are, unfortunately, still far behind Western Europe — and I hate to say that because I am from Hungary."
The survey also revealed that 88% of respondents are concerned about cybersecurity, but only 36% feel very prepared and just 21% are very confident about their ability to withstand a cyberattack.
The report claims that the impact serves as a "wake-up call" for firms which have already suffered cyberattacks. While some CEE companies suffered an impact, and had to learn a tough lesson, E.ON in Hungary had a swift response when the attack came.
"We had a cyberattack relatively recently — a hacking attempt," says Péter Ban, head of legal and compliance at the company. "I was quite proud reading the report and doing the follow-up. It worked very well: quick reaction, quick response, an investigation, counter measures were implemented, and fortunately, no evidence of any harm done."
Confidence levels in the ability to detect or withstand cyberattacks are relatively low, however. Only 39% of respondents are very confident in their ability to detect an attack, while 43% are somewhat confident. In terms of withstanding an attack, the very confident figure is even lower at 24%, with 42% somewhat confident.
Culture and education routinely play a critical part, the report claims.
"Cybersecurity awareness level is quite low in Hungary," notes Balázs Fazekas, legal and regulatory director at Invitel Group, a major player in the Hungarian telecom and information market. "Among SMEs, it is very low. In big domestic companies and multinational companies, the awareness level goes up, but is not at the right level. As legal director at our company, Iʼm in a unique situation, as we have a network monitoring unit professionally dealing with cybersecurity threats and incidents, so I am not really involved in cybersecurity incidents, except when they are GDPR privacy-related."
Some 67% of respondents believe that cybersecurity procedures and protocols used by regulators need improvement across the region. This view is shared in every single CEE country.