Minister Sharkov to the fintech industry: Let's prepare for the "unknown unknowns" in cybersecurity

The Minister of Electronic Governance and one of the leading cybersecurity experts in our country, Assoc. Prof. Georgi Sharkov, took part in a meeting of the Bulgarian Fintech Association, dedicated to the topic "Beyond the checklist: Critical omissions and lessons learned from DORA and NIS2". The forum marks the beginning of a series of professional discussions on key regulatory issues for the fintech sector.

In his speech, the Minister outlined the main provisions of the new Cybersecurity Act and related European and national normative acts, which must guarantee not only cybersecurity, but also the cyber resilience of the systems of the state, business and citizens. "Let's prepare for the unknown unknowns", Sharkov urged, describing the current environment as a "quiet war that is constantly being waged in the background".

He emphasized the key role of the financial sector: "The financial sector is one of the veins of our society. Whatever cyber insurance companies have, no insurer will fully cover a major cyber risk. Such insurance is important, but it is even more important for companies to take measures not only for cyber hygiene, but also for building a cyber culture among senior management."

Minister Sharkov also drew attention to the dependence on external suppliers: "Many companies rely mainly on external suppliers for their protection, but it is essential for each organization to ensure its own monitoring and ability to respond to incidents, as well as to develop capacity for building a Security Operations Center (SOC)." According to him, it is the internal capacity and preparation that make the difference in the first critical hours of an incident.

In a broader plan, Sharkov emphasized that "The European cybersecurity strategy goes far beyond the scope of security. We must constantly talk not only about cybersecurity, but also about cyber resilience." He noted that in Bulgaria there are still not sufficiently well-developed sectoral teams for response to cyber incidents. "We have central teams that to some extent cover these functions, but the goal should be not only to react when a disaster has already occurred, but to act in real time and to prevent", the minister emphasized.

A special emphasis in his speech was placed on the role of the so-called ISAC centers – structures for sharing and analysis of information: "ISAC - centers for sharing and analysis of information, are entirely in your hands", he addressed the representatives of the fintech sector. "This type of organization based on public-private partnership is a good practice in Europe and around the world not only for the most critically important businesses, but also for small and medium-sized businesses, for the automotive industry and many others. Building on your part the capacity to react to sufficiently early warnings of weaknesses in the systems and support is key and is your constant task."

The Minister stressed that the goal is not to achieve "visible peace" through the absence of news about incidents: "Our efforts to achieve cybersecurity will not be successful if cyberattacks apparently disappear - there will always be cyberattacks. Our goal, both as a state, and as experts, and as a community, is to achieve coordinated disclosure of vulnerabilities even before they have become public, even before the 'bad guys' have realized that we have disclosed them."

In addition to coordinating the preparations for the elections, one of the main priorities of the political cabinet of Minister Georgi Sharkov in the current caretaker government is the progress in the introduction of the European Digital Identity Wallet – the so-called "digital wallet". This topic was also part of the discussion with the Bulgarian Fintech Association, as it was emphasized that the new digital identity tools will require an even higher level of trust, security and cooperation between the state and the industry.