Elvīra Zaltāne: Cybersecurity Becomes a Strategic Management Duty
Cybersecurity is no longer just an IT issue but a critical part of business strategy requiring direct management involvement, especially after recent amendments to Latvia's National Cybersecurity Law.

Data protection expert and co-founder of "Affire" Elvīra Zaltāne notes that cybersecurity in companies is still often seen as a narrow technical IT matter. However, recent developments and amendments to the National Cybersecurity Law indicate a new reality – it has become a critical part of business strategy that demands direct management responsibility.
Zaltāne emphasizes that the business environment is interdependent, so a company's security does not end at the office door. Although the NIS2 directive primarily targets critical sectors (energy, transport, healthcare, finance, etc.), it also affects supply chain participants. If a partner suffers a cyber incident, it impacts the entire chain, creating a "domino effect."
Companies that ignore this interdependence risk losing finances and trust. The June 2026 amendments to the National Cybersecurity Law legally establish that supply chain checks are a mandatory management duty that must be included in cybersecurity risk management.
Many companies still rely on manual process management, such as Excel spreadsheets, but these quickly become outdated. Zaltāne points out that in a dynamic technology environment, real-time monitoring and automation are needed to identify risks before they become threats.
Cybersecurity is no longer just an IT responsibility but a essential management competency. Managers do not have to be IT specialists, but they must understand the company's vulnerabilities. The shift from reactive to proactive management provides transparency, allows for preventive gap fixing, and improves resource efficiency. Automation enables working with real-time data and focusing on strategic decisions.
Companies that invest in security understanding and modern processes gain partner trust and strengthen their reputation. The main question for management is no longer about fulfilling formalities, but how security competence helps business grow.


