Cybersecurity has evolved from being a luxury to becoming a strategic priority for organisations, according to Minos Georgakis, Director of Advisory Services at PwC Cyprus.
In a recent piece of analysis, he explained that in a world where every business process is now digital, “the responsibility for cybersecurity and data protection cannot rest with a single department or individual”.
“The answer to the question of who is responsible for cybersecurity in an organisation is simple: everyone,” he said.
The digitisation of businesses and critical infrastructure means that every individual within an organisation plays a role in protecting its digital assets.
Recognising this responsibility, he added, is the first step towards building truly resilient businesses.
Recent cyberattacks in Cyprus and internationally have ranged from ransomware incidents to targeted breaches of sensitive data, highlighting the vast risks that organisations face.
“Phishing attacks, data leaks, insider threats, and advanced persistent threats (APT) are no longer just theoretical scenarios; they are the new reality,” Georgakis explained.
The consequences of these threats include substantial financial losses, erosion of customer and partner trust, and serious legal and regulatory penalties, particularly under GDPR and the new European regulations.
Organisations must move from a reactive to a proactive stance, embedding cybersecurity as a strategic priority.
“Beyond technology, this requires investment in employee education and awareness, so staff act as ‘human firewalls’,” he said.
A robust data protection strategy must be in place to ensure confidentiality, integrity, and availability of information. Compliance with regulatory frameworks such as DORA, NIS2, and ISO 27001 is also essential to strengthening resilience against cyber threats.
Additionally, rapid response mechanisms must be developed, including crisis management plans that minimise the impact of potential attacks.
The role of specialised cybersecurity consultants has become crucial, not as an additional expense but as an investment in organisational resilience and sustainability.
“Expert consultants have the necessary knowledge and experience to understand and counteract complex threats, offering meaningful guidance for the development of comprehensive protection strategies,” Georgakis said.
“Their contribution”, he noted, “extends to the creation and implementation of rapid response and recovery plans, which help mitigate the impact of cyber incidents.”
At the same time, such experts, he said, “enhance preparedness by training staff and fostering a strong security culture at every organisational level”.
In the digital economy, Georgakis pointed out, trust is not a luxury but the foundation of success.
“Customers, partners, and investors need to know that their data is secure and that the organisation they work with is resilient to attacks,” Georgakis continued. “Without this trust, growth is impossible.”
Moreover, he said that as a financial and technological hub, Cyprus is not immune to global cyber threats.
“On the contrary, the country is at the centre of cyberattacks, whether they target critical infrastructure or private companies,” he stated.
He mentioned that compliance with new EU regulatory frameworks, such as the Digital Operational Resilience Act (DORA) and the NIS2 directive for critical infrastructure security, is “no longer optional but essential for survival”.
“Protecting an organisation’s data and reputation is everyone’s responsibility, from senior management to the most junior employee,” Georgakis said.
He added that “cybersecurity, like any other critical business issue, must be embedded in an organisation’s core strategy”.
“Investing in cybersecurity is an investment in the very existence and continuity of the business. Today, that is the ultimate strategic priority,” he concluded.