According to the data presented by FBI, about $12.5 billion were lost to cybercrime in 2023, up $2 billion year-over-year and more than triple the amount recorded in 2019 despite the number of complaints less than doubling compared to four years prior. Cybersecurity expert Uldana Mussabekova explains how to protect yourself and your business from this threat.
Uldana Mussabekova is a highly skilled and accomplished cybersecurity expert. Throughout her career in one of the largest and most well-known banks and insurance companies in Austria, she designed a comprehensive KPI lifecycle process that enabled detailed monitoring of security performance, giving insights into areas that required improvement and uncovering the areas where cybersecurity maturity was concerned. She spearheaded a complex project aimed at assessing the cybersecurity incident response readiness of critical banking teams, specifically those engaged in the Society for Worldwide Interbank Financial Telecommunications (SWIFT) environment. This initiative was essential in ensuring the reliability of redundant operations across 20+ subsidiaries.
Uldana leads enterprise-wide data security assurance initiatives, driving the implementation of advanced standards for data protection at one of the largest insurance companies in Central and Eastern Europe. Her innovative approach and strategic mindset earned her the prestigious ‘Maverick of the Year’ award at the 2025 Cases & Gaces International Conference, recognizing her outstanding leadership and transformative impact on critical cybersecurity initiatives. That same year, she contributed her industry expertise as a jury member for the Globee Awards for Cybersecurity, helping to evaluate and celebrate excellence across the global cybersecurity landscape.
Throughout her career, Uldana has been a proactive supporter of diversity and inclusion initiatives, particularly within the realm of IT and cybersecurity. She co-led the “Women in IT” working group at the bank, where she collaborated with colleagues to organize events, panel discussions, and other activities that encouraged women to consider careers in technology and security. Additionally, she actively mentors in the ‘Women4Cyber’ Mentorship Program, providing guidance to aspiring professionals seeking to advance their careers in cybersecurity.
What is primary in the case of cyberthreat risks – protecting the interests of the company itself as a whole or each individual client? And how can a client determine in which company or bank the risks to their funds and transactions are the lowest?
Safeguarding the company’s interests is critical, as the compromise of sensitive assets can lead to financial, legal, and reputational consequences, along with potential regulatory sanctions. Among these assets, I would highlight the customer data to be one of the most critical and the one which must be prioritized when implementing cybersecurity defense mechanisms, as any breach not only undermines customer trust but can also significantly impact the company itself.
To assess where the risks to funds and transactions are lowest, I would recommend potential clients to evaluate whether companies adhere to and comply with industry-specific regulations such as PCI-DSS, GDPR (EU), ISO 27001, DORA (EU), and others. Additionally, I would advise customers to review the organization’s history of data breaches or security incidents, if this information is available. Most importantly, understanding how the company plans to process and store personal and financial data is essential for making informed and secure decisions.
What is the biggest threat to the safe operation of a large financial structure – external hackers and fraudsters, the lack of coordination of internal processes, or something else?
I believe the biggest threat to the safe operation of any financial structure is often the combination of those factors. At the same time, if given the sort of prioritization to what factors represent a bigger threat, if not addressed in a timely manner, is a lack of coordination and implementation of internal security defense mechanisms which can lead to the exposure of open vulnerabilities that both internal and external threat actors can use in their benefit to penetrate the company’s assets. The organizations with the weak internal security measures in place are more often to become a victim of the numerous sophisticated threats such as APT (Advanced Persistent Threat) or “Zero-day” attacks. I do believe that fostering strong internal security processes, cybersecurity strategies, regular employees’ trainings and other defense mechanisms will proactively mitigate the threats before their realization.
In your opinion, what is the main difficulty for a woman in building a career in the field of cybersecurity?
The global shortage of cybersecurity professionals highlights the challenges organizations face in recruiting qualified specialists, regardless of gender. According to the World Economic Forum, the cybersecurity industry currently requires approximately 4 million additional professionals worldwide, a demand that continues to rise as the need to secure an increasing number of systems grows daily. I do think cybersecurity needs anyone independently from the gender to become skilled professionals. Nevertheless, cybersecurity is still widely perceived as a male-dominated field, a perception supported by statistics. I believe one of the most significant challenges individuals may face, particularly women, is the feeling of working in an exclusionary environment. Navigating workplace dynamics that may lack inclusivity can be daunting. From my own experience, I’ve encountered moments where I had to confront systemic biases, including my own, and work to establish my presence within a team where I was the sole representative of my gender. However, with the growing awareness and initiatives to promote diversity in the cybersecurity field, more opportunities for women to confidently paving their way to the career in this dynamic and challenging environment will arise.
