The Cybersecurity Summit Cyberfy 2025 gathered leading experts, policymakers, and industry professionals to discuss the future of digital protection in Serbia and beyond. The event highlighted a clear shift in cybersecurity thinking – from reactive compliance to proactive, risk-based resilience.
A new era for Serbia’s information security law
Keynote speaker Dr. Marko Krstić emphasized that Serbia’s new Law on Information Security marks a turning point for national preparedness. The law moves beyond formal compliance, promoting practical implementation, inter-institutional cooperation, and proactive vulnerability detection. It also stresses continuous education and joint response frameworks, which are vital components of a resilient national cybersecurity ecosystem.
Tackling insider threats in banking
The panel on insider threats in the financial sector underlined that compliance alone is not enough. Effective defense depends on cultivating a culture of trust, accountability, and awareness across all levels of an organization. While regulatory frameworks lay the foundation, their real strength lies in everyday practice – through training, cross-departmental collaboration, and strong leadership support.
Experts agreed that the human factor remains both the greatest risk and the strongest line of defense. Building trust, encouraging open communication, and promoting the reporting of suspicious behavior prove far more effective than any single technological control. Realistic simulations and business impact analyses were also highlighted as essential for improving readiness.
From technical expert to business strategist: redefining the CISO role
Another key takeaway was the evolving role of the Chief Information Security Officer (CISO). As panelists noted, cybersecurity success depends on the ability to translate technical risk into business impact. The modern CISO acts as a strategic partner to leadership – bridging technology and management while fostering a culture of shared responsibility.
Investing in communication and understanding between departments has become a hallmark of resilient, sustainable business operations.

Cyber threats in the electric vehicle ecosystem
The growing digital complexity of electric vehicles (EVs) brought another important discussion: how cybersecurity now directly impacts human safety. As cars evolve into “computers on wheels,” new attack surfaces emerge – from compromised sensors and mobile apps to cloud-connected charging infrastructure.
Panelists stressed that compliance with standards such as ISO/SAE 21434 and the Cyber Resilience Act is vital, but insufficient unless security is integrated “by design” from the earliest product stages. Transparent patching responsibilities, continuous testing, and ethical accountability toward users were cited as key to building public trust.
Strengthening supply chain and third-party resilience
With cyberattacks increasingly targeting suppliers and partners, third-party and supply chain risk management (TPRM) was recognized as a critical pillar of modern defense.
Speakers highlighted that robust TPRM combines technical safeguards, legal obligations, and regulatory compliance with frameworks such as DORA, NIS-II, and the Cyber Resilience Act. A risk-based approach – supported by self-assessments, onsite audits, and strict contractual requirements – helps organizations maintain high protection levels throughout multi-layered supply chains.
Given the growing complexity of vendor ecosystems, participants also emphasized continuous monitoring, re-evaluation, and remediation as ongoing responsibilities that must be woven into overall business continuity strategies.
Building predictive, not reactive, cybersecurity
Experts agreed that the future of cybersecurity lies in predictive defense, powered by AI, automation, and data analytics. However, true effectiveness requires cultural transformation within organizations – placing CISOs at a strategic level and ensuring strong coordination between human and technological elements. Tools alone cannot secure an enterprise without well-defined processes and collaboration.
The final session, “Modern and Safe Software Development in Mozart,” presented a real-world case study from Mozart Beta. The company demonstrated how embedding security in every stage of software creation – from design to deployment – enables faster innovation without compromising protection.
Through automation, DevSecOps practices, and continuous monitoring, teams can maintain speed and quality while ensuring security. Panelists agreed that measurable KPIs, realistic planning, and AI-driven code analysis are vital to early vulnerability detection and long-term resilience.



