New cybersecurity regulations: how companies can save millions

By: Trademagazin Date: 2025. 03. 26. 11:05

In 2025, cybersecurity regulations became even stricter, affecting the conduct of audits and the calculation of supervision fees. The mandatory fees for companies are partly based on revenue, but a significant part of them depends on the number of systems used and their importance in the life of the company and the data they manage. Péter Kóczé, Head of Grant Thornton’s digital business, presents the means by which these costs can be reduced – by up to several million forints – and how we can lay the foundations of an optimally structured system based on professional decisions.

Cybersecurity supervision fee and audit: this is how the costs develop

According to the new regulations, each affected organization is required to pay an annual cybersecurity supervision fee to the SZTFH, the maximum amount of which is 10 million forints, depending on net revenue. Starting this year, the cybersecurity audit is mandatory to be prepared and renewed every two years.

The audit fee depends on two factors:

The company’s revenue – It is calculated based on the net revenue of the previous business year, here the multiplier increases stepwise between 1-40 billion HUF revenue, with a maximum of 4.

The number and classification of electronic information systems (EIS) – The more and higher the cybersecurity class of systems a company uses, the higher the cost of the audit.

Another significant expense can be the preparation for the audit and ensuring compliance, as most companies need external expert assistance to meet the requirements. Since this year is the first year for paying both fees, companies subject to the regulation will face significant costs in 2025.