by Albert Alsina (ERNI Spain)
In today’s interconnected world, cybersecurity is no longer an IT issue. It is a business imperative. Organisations face a landscape shaped by rapid digitalisation, geopolitical tensions, economic uncertainty and constantly evolving threats. Software powers critical services, data drives decisions, and every digital connection represents both opportunity and risk.
Impact on specific domains
The scope of cybersecurity has expanded far beyond protecting networks and devices. In financial services, attacks on payment systems or sensitive data can have immediate global consequences. In healthcare and life sciences, breaches can put patients at risk. Manufacturing and critical infrastructure face threats that could disrupt operations or even safety. Across sectors, attackers exploit complexity, speed and human error, and the stakes have never been higher.
According to the ENISA Threat Landscape report 2025, in Europe, the financial sector is the third most targeted domain, with 46% of attacks impacting European banks (credit institutions), followed by 13% of attacks affecting public financial organisations. The uncertainty of today’s environment amplifies these risks. Geopolitical tensions can trigger state-sponsored attacks. The methods are becoming more sophisticated, creating a landscape that is more volatile and treacherous than ever before.
The World Economic Forum reports that 72% of global executives now take geopolitical events into account in their cybersecurity strategies. Also, economic pressures drive organisations to accelerate digital projects, sometimes at the expense of thorough security practices. Supply chain dependencies and cloud adoption introduce additional layers of vulnerability. And while technology evolves, attackers continuously adapt, finding new entry points in AI, IoT or remote working environments.
The most targeted sectors worldwide
Source: ESET – APT Report 2024-2025
Cybersecurity as a strategic capability
In this context, cybersecurity must be approached as a strategic capability, not a reactive measure. Proactive security in software development, thorough testing of applications, and compliance with emerging regulations like the Cyber Resilience Act are no longer optional – they are essential to resilience and trust. Organisations that embed security across processes, invest in defensive and offensive capabilities and adopt a forward-looking perspective can navigate uncertainty with confidence.
Connected systems, real-world consequences
Today’s products rarely operate in isolation. They are part of interconnected ecosystems that directly affect everyday life. Smart homes rely on secure interfaces to protect privacy and comfort. Medical devices must communicate reliably to safeguard patient safety. Industrial systems depend on secure automation to prevent downtime and production losses. Vehicles exchange data continuously to enable real-time safety on the
road. In all these domains, trust is assumed until it is broken.
When security fails, the impact is immediate and tangible. Regulations such as the Cyber Resilience Act aim to make security visible, measurable and maintainable throughout a product’s lifecycle, shifting the focus from isolated controls to systemic resilience.
What resilience looks like in practice
Resilient systems do not emerge by chance. They are the result of deliberate design choices and disciplined execution. Security must be considered from the earliest stages, through threat modelling, clearly defined security requirements and alignment with relevant standards. Decisions made during design often determine whether security later becomes an enabler or an obstacle. Equally important is integrating security into everyday development workflows.
5 stages of cyber resilience
Source: https://www.weforum.org/stories/2022/07/how-do-you-safeguard-a-city-from-cyber-attacks
Secure-by-default architectures, software bills of materials and CI-integrated vulnerability scanning allow teams to address risks continuously rather than reactively. Security becomes part of how software is built, not something added at the end.
Resilience also extends beyond release. Secure deployment, observability, patch management and monitoring are essential to maintain operational integrity overtime. Continuous testing through penetration testing, red teaming and proactive assessments ensures that risks remain visible, manageable and reduced as systems evolve.
Conclusion
This issue of .experience explores the full spectrum of cybersecurity challenges and responses. You will learn how secure development practices prevent vulnerabilities, how regulatory frameworks are shaping responsibilities, and how offensive testing provides insight into real-world risks, as told by a tale of three characters – ‘The Good, the Ugly and the Bad’ – representing developers, compliance officers and ethical hackers.
By understanding the broader context, organisations can turn uncertainty into opportunity and build the foundations for long-term resilience. Cybersecurity is no longer a matter of ‘if’ but ‘how’. The organisations that succeed will be those that treat security as an integral part of their strategy, aligning technology, processes and people to the realities of a fast-changing world.
