People are central to cyber defence
At a conference organised last week by the Institute for Strategic Solutions (ISR) – Error 404: Truth does not exist – Maja Javoršek, Director of Business Compliance at Zavarovalnica Triglav, discussed the increasingly important role of people in safeguarding data and preventing cyber incidents across the financial and insurance sectors.
The Adriatic Team
Speaking about broader industry trends, she noted that human behaviour remains one of the key variables in cybersecurity everywhere—not just in insurance and not specifically at Triglav. “Across sectors, many security incidents involve an element of human error,” she said, emphasising that this reflects normal workplace pressures rather than intentional misuse. These errors typically arise because people work quickly, multitask or encounter unfamiliar digital threats, and they are observed in organisations of all sizes.
Javoršek stressed that the insurance industry’s reliance on data makes awareness especially important. Triglav, which serves more than 5,000 employees, over four million active individual clients and 240,000 businesses, handles a wide spectrum of information governed by strict legal frameworks, including GDPR, sectoral regulations and internal compliance standards. “Insurance depends on trust, and trust depends on responsible data management,” she told the ISR audience.
In describing Triglav’s approach, she highlighted that the company uses well-established technical, legal and organisational safeguards such as regular patching, monitoring tools, penetration testing and global threat analysis. But she also pointed out that technology alone cannot eliminate risk if users are not prepared for the kinds of tactics attackers employ.
Building practical readiness
For this reason, Triglav focuses strongly on awareness and preparedness. Employees receive ongoing training, internal communication and visual reminders about safe digital practices. The company also conducts simulated phishing and social-engineering exercises to help staff recognise and respond to real-world attack patterns. “The purpose is not to expose individuals,” Javoršek explained, “but to strengthen practical readiness and make the right response feel natural.”
Her remarks also addressed the wider Slovenian context. Data from SI-CERT shows that reported cyber incidents have increased by more than a third between 2020 and 2024, affecting not only large enterprises but also smaller organisations that often have more limited resources dedicated to cybersecurity. To support these organisations, Triglav offers Cyber Protection Insurance, which provides expert assistance, forensic analysis, legal and reputational support, data restoration and coverage for business interruption or extortion attempts.
Javoršek emphasised that while prevention remains essential, handling the aftermath of an incident is equally important. “When an attack occurs, the quality of the response has a major impact on how quickly an organisation can regain stability,” she said.
She emphasised that cybersecurity is a shared responsibility: technology, governance and individual awareness must all work together. In her words, “Secure systems don’t depend only on tools, they also depend on people who understand the value of the information they work with.”
