Dual edge of data

Although Slovenia ranks among the top ten countries on the OECD Open Data Index, a Eurobarometer survey reveals growing public concerns about digital rights and data protection. Only 46% of Slovenians trust the EU to safeguard their digital rights, and 62% are concerned about online safety for young people.

Last week’s conference by the Institute for Strategic Solutions (ISR), titled In Data We Trust: Accept or Decline?, explored these challenges. Leading experts from the government, banking, insurance, postal, and healthcare sectors, under the guidance of certified ethical hacker and cybersecurity expert Milan Gabor, discussed the challenges of digital literacy, user experience, and cybersecurity in a roundtable session. Speakers exchanged best practices during the closing panel on how small and medium-sized enterprises can contribute to innovation in the Slovenian market through responsible data use.

“About a month ago, news broke of a hacking attack on the University of Maribor, and we regularly hear about attacks on critical infrastructure. These attacks are often a consequence of geopolitical events, resulting in an increasing sequence of cyberattacks,” were the opneing remarks by Tine Kračun, ISR Director. According to the World Economic Forum (WEF), approximately 2,200 cyberattacks occur daily, with monthly damages estimated at $700 billion. Despite these risks, data brings huge advantages — the key question is how to invest in it with trust while maintaining security.

“There are two narratives about data — there’s increasingly more of it, yet at the same time, less of it,” said Dr. Jure Stojan, partner and director of Development and Research at ISR. While the International Data Corporation (IDC) estimates that 180 zettabytes of new data will be generated this year, Stojan highlighted the critical issue of sustainability. “Statistics show that 38% of websites went offline in 2013, 31% in 2018, and this percentage dropped to 8% last year.” He pointed to the gap between social understanding and everyday practice: data often arises as a byproduct of our entertainment, information-seeking, and device usage, while regulations like European sustainability reporting standards, requiring 1,177 data points, demand intentional collection.

On one side, we have data quality, transparency, and usability; on the other, its security. “Maintaining trust with our policyholders is essential. Advanced cybersecurity, transparency, and communication—specifically which data we collect, why, and how we ensure its security—are critical,” emphasized Matija Šenk, CEO of Vzajemna Health Insurance, during a panel on data security. Similar challenges exist at Pošta Slovenije, which, according to Slavko Ovčina, Director of ICT Solutions Division, “began its digital service transformation years ago. Over the past year, we’ve launched numerous projects, which inevitably involve elements of information security. The recipient must be protected, and the sender must be credible.”

The challenge of maintaining trust is particularly significant in the public sector, while businesses may be a step ahead in digital operations due to earlier adoption of legislation, explained Dr. Karmen Kern Pipan from the Ministry of Digital Transformation. She noted that trust improved during the pandemic but that citizens still need to be encouraged to use state digital solutions through soft approaches.

Meanwhile, the financial sector focuses on education, explained Primož Vogrinec, Chief Information Officer for Security at NLB. “We invest heavily in user education because users are often the weakest link. While we can’t prevent attack attempts, we can limit their success.” However, the primary challenge lies in users’ varying levels of prior knowledge and access to different technologies, added Matija Šenk.

These concerns are justified, as police data shows 1,600 reported cyberattacks this year, causing €25.5 million in damages. “Banks and insurance companies, which must ensure data security, have well-established systems for data protection. Small and medium-sized enterprises often do not,” warned cybersecurity expert Milan Gabor. He emphasized that greater data accessibility brings higher risks of attacks, especially with the rapid development of new technologies. “Hackers quickly adapt and assimilate their technologies; for example, they use artificial intelligence for increasingly sophisticated phishing attacks.”

In response to these challenges, the government is strengthening digital literacy infrastructure. “When technology is needed, it’s important to have it at hand,” emphasized Dr. Kern Pipan, explaining that 162 digital info points have been established across Slovenia, providing citizens with direct support in using digital services. According to Slavko Ovčina, a systemic approach to digital literacy is the long-term solution: “Digital literacy should be introduced in schools. It’s about how children share information—something we weren’t exposed to in the past, but today, everything is published.”

While technology advances and threats evolve, the key question remains how users will assess the credibility of digital data and content. Gabor highlighted the dangerous discrepancy between the digital and real world and the often excessive trust in it. “Passwords lead to our digital identities and consequently to large amounts of data.” He added that the awareness process will unfold gradually and that the state must drive it forward.

Many companies are still seeking a balance between digitalisation and data security, but Športna Loterija represents an example of a successful approach to managing user data. “Our company receives very positive feedback, as players consistently express trust in our security policies and data management,” explained Jani Ravas, Director of IT and Technology. The company builds user trust on multiple pillars, from proactive security policies with regular security audits and certifications per international ISO 27001 and ISO 9001 standards to implementing advanced technological solutions such as data encryption and two-factor authentication.