Over the years there has been a significant change in the approach of Bulgarian companies towards cyber security. However, the general level of maturity remains uneven.
While some industries, such as the financial, telecommunications and state-specific sectors, demonstrate a relatively mature position on cybersecurity, many small and medium-sized enterprises (SMEs) still lag in adopting comprehensive strategies security strategies and the general awareness of the need to protect their electronic data and assets. According to recent reports, the focus on cybersecurity has increased mainly due to the increased digital transformation that has accelerated during the COVID-19 pandemic. Demand for solutions and services in the field of cybersecurity has risen sharply, especially across industries, and sectors undergoing rapid digitisation. Technology is also evolving very rapidly and in particular cybersecurity solutions. They are becoming increasingly automated, there is almost no cyber defence product manufacturer that does not claim that its solution includes artificial intelligence. Therefore, the deployment of such solutions certainly is a step in the right direction for cyber security and business resilience.
Unfortunately, no matter how good these products and solutions become, still as one of the main challenges facing Bulgarian companies face in strengthening their cybersecurity strategies remains the lack of awareness and understanding of the full scope of cybersecurity risks. Many companies still perceive cybersecurity as an IT problem rather than as a critical business priority. There is also a shortage of skilled personnel, ISACA even speaks of over 4.5 million personnel in the industry, which is short of the global needs of business, limiting the ability of businesses to implement robust security measures. This is particularly evident for SMEs, which are experiencing greater difficulties due to limited resources. In addition, many organisations are still in the early stages of implementing proactive security measures, such as such as incident response plans and ongoing assessments of risk.
A recent report on the cyber security market in Bulgaria states that the demand for expertise and solutions in this area has increased significantly, especially in sectors such as finance, healthcare and government. For example, within government initiatives supported by the EU’s Recovery and Sustainability Plan (RSP), some €140.1 million has been allocated to the EU’s recovery and sustainability programmes. USD 140.5 million for technological upgrading and USD 16.6 million specifically for ICT solutions and cyber security enhancements for SMEs. These investments are part of a broader effort to modernize digital infrastructure and to support the initiatives of the e-government aimed at creating a more secure business environment. In addition, it is reported that many Bulgarian companies are still facing major security challenges. For example, some of the most common vulnerabilities include insufficient monitoring of authentication events and inadequate security procedures in critical infrastructure. Such weaknesses make enterprises more susceptible to data breaches and other cyber incidents, which can lead to significant financial losses and reputational damage.
Fortunately, I see some positive trends. For example, Bulgaria appeared for the second time at the European cybersecurity competition organised by ENISA (the European agency coordinating national centres for response to cyber incidents in EU Member States), last year in Italy, and managed to place 23rd out of all the participating countries and although anyone would have liked our team to have placed higher, we have to take into account that this is only the second year in which we are appearing. And our national cyber security team is made up of young talent between the ages of 14 and 25. This initiative of course has an indirect benefit – these are young talents who will soon become seasoned cybersecurity experts and will be able to help Bulgarian businesses strengthen their security. This initiative is in line with our country’s efforts to encourage a cybersecurity awareness culture and improve technical skills among young professionals. As for other significant positive features, I can point out that it is a large-scale investment in cyber security infrastructures for critical sectors such as telecommunications and the judiciary. The development of the national hybrid cloud, as well as investments in eHealth and secure communications networks, are some of the initiatives that reflect the growing focus on creating a secure digital environment.
And while we can point to significant positive initiatives, still compared to more developed markets like Germany or the United Kingdom, the maturity of cybersecurity in Bulgaria is still evolving. The difference is evident not only in terms of level of investment but also in terms of the sophistication of of the security technologies used. Apropos, for 2024 the Bulgarian cybersecurity market was expected to reach levels of around $74.14 million, and to grow by just over 9% by 2029, reaching $114.76 million. And while the larger corporations in Bulgaria have adopted some best practices – such as such as advanced threat detection and automated security monitoring – many smaller firms still rely on basic solutions. This disparity makes the entire ecosystem vulnerable as cybercriminals often target the weakest link in the network. However, the Bulgarian government’s commitment to strengthening the national cybersecurity infrastructure and the growing awareness of the business community are promising signs. Initiatives such as the EU’s RRP (Recovery Plan for Europe) have aimed to enhance cybersecurity capacity, with a focus on digital resilience and preparedness.
But companies themselves also need to take action in this. First of all, businesses need to approach cybersecurity as a strategic priority, not just as a technical issue. This means integrating security considerations into business planning and investing in awareness training employees, as human error remains one of the main causes of breaches. Secondly, companies need to conduct regular risk assessments and develop comprehensive incident response plans. Building partnerships with experienced cybersecurity service providers can also help compensate for the shortage of in-house expertise. In addition, the use of government resources and participation in national initiatives can provide additional support. Bulgaria’s focus on creating a skilled workforce cybersecurity workforce is an important step in the right direction. By aligning business practices with evolving regulations and standards, such as the new NIS2 EU directive, companies can significantly improve their security and resilience posture against cyber threats.
Let’s not forget that government policy is a cornerstone of cybersecurity maturity in the country. In Bulgaria the government has taken steps to strengthen national cybersecurity infrastructure, in particular by investing in secure cloud solutions, redundant communication systems and digitisation of public services. These policies not only enhance the security of critical infrastructure but also set standards for private enterprises to follow. Furthermore, by participating in European initiatives to cybersecurity initiatives, Bulgaria seeks to align its practices with wider EU standards, thereby improving its overall cybersecurity resilience. These efforts are encouraging as they create an environment in which public and private sectors can collaborate to build a more secure digital environment. I am an optimistic person by nature, and the forecasts are optimistic for the future of cybersecurity in Bulgaria. While still a long way to go, the increased investment and growing awareness and consciousness among business leaders are encouraging signs. As enterprises continue to adopt digital technologies and expand online their presence, the need for a mature strategy for cybersecurity will become even more evident.
Over the next few years, I expect more and more companies to adopt advanced solutions, such as systems for threat detection systems driven by artificial intelligence, automatic incident response systems, solutions for continuous vulnerability testing and simulated breach attempts, etc. In addition, initiatives to build a skilled cybersecurity workforce will begin to bear fruit, gradually overcoming the shortage of expertise and Bulgarian enterprises will become more resilient to cyber threats. While the level of cybersecurity in our country is still evolving, it is clearly the foundation for a more secure and sustainable digital future.
