
Panicos Georgiou: "Your cybersecurity is only as strong as the least secure supplier in your ecosystem"

"Most breaches don’t start with elite hackers writing custom exploits at 3am. They start with basic, predictable weaknesses that companies keep postponing 'until the next quarter,'" Panicos Georgiou, CEO of eSafe Cyber Security, suggests.

In a recent interview with GOLD magazine, the expert also warns that, "Your cybersecurity is only as strong as the least secure supplier in your ecosystem. So, high-risk areas include IT and cloud providers, software update mechanisms, API integrations and Operational Technology (OT) vendors."

Georgiou also shares his view on how AI has changed the speed and sophistication of attacks, and on which policies or regulatory measures would be most pivotal in helping the local cybersecurity market grow.

 

What are the greatest threats to Cypriot companies and organisations right now?

Every organisation is being targeted. The difference is whether you see it or not. We see the biggest impact from Ransomware-as-a-Service, Business Email Compromise, Distributed Denial of Service (DDoS) and hacktivist attacks. We also see AI-enhanced phishing and deepfake impersonation.

Where do companies still fall short in their cybersecurity posture? Which practices or frameworks are proving most effective in closing those gaps?

Most breaches don’t start with elite hackers writing custom exploits at 3am. They start with basic, predictable weaknesses that companies keep postponing “until the next quarter.” The biggest gaps include limited visibility and alert overload, lack of network access control, and insufficient sophisticated email threat prevention. Equally significant is weak endpoint protection, weak identity governance, slow patching and forgotten legacy systems. Having employees unprepared for modern social engineering is also a big problem.

These gaps can be closed by adopting leading cybersecurity frameworks like ISO 27001, NIST CSF and CIS Controls v8, and aligning with NIS2 and DORA, two key EU cybersecurity regulations. Investing in identity-first security, sophisticated email threat prevention, Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), automation and analytics, as well as continuous awareness training, will also go a long way in helping close these gaps. Finally, Network Access Control (NAC), which controls who and what can access a private network, is equally crucial.

As digital ecosystems become more intertwined, what supply chain risks are most critical and how often do companies underestimate them?

Your cybersecurity is only as strong as the least secure supplier in your ecosystem. So, high-risk areas include IT and cloud providers, software update mechanisms, API integrations and Operational Technology (OT) vendors.

Given the EU’s heightened cybersecurity agenda, which policies or regulatory measures would be most pivotal in helping the local cybersecurity market grow?

There needs to be a clear NIS2 implementation and secure-by-design adoption under DORA. Support for SMEs will also help, as well as talent development and retention. Cyprus can become a cybersecurity powerhouse – if we stop treating cyber as optional.

How has AI changed the speed and sophistication of the attacks you’re seeing? Which attacks are becoming hardest to defend against?

With AI, attackers are now faster in multilingual phishing, deepfake impersonation and automated reconnaissance. The hardest threats to defend against are identity compromise, multi-factor authentication fatigue, personalised social engineering, ransomware and low-noise intrusions.

Can you identify one development that will reshape the cybersecurity environment by 2028?

One such development will be the full enforcement of NIS2, DORA and the EU Cyber Resilience Act.

eSafe Cyber Security

“We focus on financial services and payments, government, energy, utilities, critical infrastructure, healthcare, education, professional services, oil and gas, shipping and high-exposure SMEs. Our services include security transformation and strategic advisory, managed cybersecurity operations, incident handling & digital forensics, security validation & penetration testing, human risk and awareness programmes and fraud and financial crime prevention. Our mission is to safeguard organisations around the clock, ensuring that they operate with confidence, clarity and resilience.”

This interview first appeared in the December 2025 edition of GOLD magazine.
