When protection is no longer enough: cyber exposure in 2025

This article is available for reading in Trade magazin 2025/8-9.

Guest writer:
Daniel Wittinghoff
business development director
Mastercard

Guest writer:
Mondovics Péter
head of marketing
Mastercard

The Mastercard report has found that most organisations are vulnerable not because of a lack of technology, but owing to slow response times. While a cyberattack can take place in seconds, detection and response often take days or weeks, which increases the extent of the damage many times over. SMEs in particular tend to lack incident management practices and designated responsibilities, and their response is reactive rather than preventive.

Blind spots: no resources, no strategy

A large proportion of companies don’t have an integrated cybersecurity strategy. There is often a lack of a unified approach: IT security isn’t integrated into risk management, decision-making or business continuity planning. 58% of Hungarian organisations don’t have formal procedures in place to react to a cyberattack. The “zero trust” model is one of the most promising approaches to cybersecurity: no one can be trusted automatically, even within the internal network. However, Mastercard says only 16% of companies use a comprehensive zero trust model. Barriers to adoption include complexity, integration difficulties between existing systems and a lack of commitment at the management level. Self-reported security spending is frequently not in line with actual effectiveness.

Not (just) a technical issue

According to the Mastercard report, the effectiveness of protection depends at least as much on organisational culture and regulatory frameworks as it does on technology. Many companies in Hungary lack well-defined incident management protocols, and it is unclear who should do what if an attack occurs. Cyber threats are no longer just an IT risk, but a business and financial reality. The frequency and consequences of attacks are placing an increasing burden on business operations, from data loss and reputational damage to reduced competitiveness. Small and medium-sized enterprises are particularly at risk: they rarely have the reserves or insurance protection to deal with the aftermath of a major incident.

Hidden risks in the background

Mastercard’s report warns that companies often fall victim not through their own systems, but through their external partners. The supply chain – especially digitally connected service providers and subcontractors – is increasingly becoming a target for attacks. Attackers gain access to the infrastructure of large companies through a smaller, less secure partner, enabling them to access sensitive data or paralyse operations. Mastercard’s research claims: the number of such indirect attacks has increased by 38% in the last two years. It has become necessary to regularly audit the supply chain, introduce minimum security requirements and integrate partner risks into the corporate risk management strategy. Security is no longer a state, but a process: as threats are becoming more sophisticated, so must the responses. (x)