As hybrid cloud environments become more intricate and AI-driven threats evolve, cybersecurity is no longer merely a technical issue—it’s a critical leadership responsibility. Dennis Pokupec, CSO/CISO at Creditplus Bank AG, offers his insights on achieving genuine cyber resilience in a landscape shaped by shifting digital boundaries, increasing regulatory demands, and AI-powered attacks. He believes that addressing this challenge requires more than just the right tools and teams; it requires a shift in leadership, smarter cloud strategies, and a culture that embeds security into every facet of an organization.
The Need for Leadership in Cybersecurity
Cybersecurity is no longer just an IT concern; it has become a mandate for business leaders. Ahead of the Cloud & Cyber Security Expo in Frankfurt, Pokupec emphasized the importance of leadership in driving cyber resilience. As the digital threat landscape evolves, the approach to security must be holistic, involving not only technical teams but also executive leadership. Pokupec views the Tech Show Frankfurt as a unique opportunity to address the issue of cloud governance and underscore the need for business leaders to take an active role in shaping security strategies.
Complexity as the Key Challenge in 2025
Looking ahead to 2025, Pokupec sees complexity as the biggest cybersecurity challenge. Hybrid IT environments, constantly evolving cloud architectures, AI-driven threats, and a volatile regulatory landscape are making it increasingly difficult to maintain visibility and control. Without the right governance, security teams often find themselves reacting to symptoms rather than addressing the structural issues that leadership should be handling.
As attackers become more adept at exploiting these complex environments, the need for a comprehensive, coordinated approach becomes even more critical. In many cases, the security teams are still chasing after technical fixes instead of addressing the larger governance and strategic issues that must be managed at the executive level.
Regulatory Pressures in the DACH Region
In the DACH (Germany, Austria, and Switzerland) region, there’s been a significant rise in regulatory enforcement, particularly around data residency, cloud sovereignty, and AI usage. Regulators are increasingly focused on AI ethics, third-party accountability, and data privacy. With high-profile penalties for tech giants like Meta and Apple, the pressure is mounting on CISOs to ensure not only secure but also defensible digital architectures.
This regulatory shift is compounded by a strong privacy-conscious culture in the region, which influences how organizations manage their cloud vendor relationships. As the demands for compliance grow, cybersecurity teams must adopt a proactive stance to meet both regulatory and business requirements.
Adapting to Hybrid Cloud Risk Mitigation
In a world of hybrid cloud environments, risk mitigation must be more adaptive and layered. It’s no longer enough to secure individual platforms in isolation; consistent, cross-environment controls are necessary. Pokupec advocates for a strategy that emphasizes identity-centric security, posture management, and continuous risk assessment. These foundational practices, when integrated with business context, enable organizations to move away from the outdated “protect everything equally” mindset. Instead, companies can focus on protecting what matters most and doing so intelligently.
AI: The Double-Edged Sword in Cybersecurity
AI is a double-edged sword in the world of cybersecurity. On one hand, attackers are leveraging AI to scale threats like phishing, impersonation, and exploit development, making these attacks more sophisticated and harder to detect. On the other hand, AI also offers powerful defensive capabilities, such as behavioral analytics, anomaly detection, and reducing alert fatigue for security teams.
The real challenge with AI, however, lies in governance. Without careful oversight, AI can quickly become a liability. Organizations must establish clear governance structures to control how AI models are trained, what data they’re exposed to, and how their decisions are validated. This level of oversight is essential to ensure AI remains a valuable asset rather than a potential risk.
Building Cyber Resilience Through Leadership and Culture
For organizations to achieve true cyber resilience, leadership must take a proactive role. Cybersecurity should be framed as a business risk, not just a technical challenge. Pokupec stresses that executive-driven governance, robust incident response plans, and continuous investment in identity and access control are key priorities for building a resilient security posture. Additionally, fostering a strong security culture across the organization is crucial. Tools and technology alone are not enough to safeguard an organization’s digital assets—people, processes, and culture play an equally important role.
What to Expect at the Tech Show Frankfurt
Attendees at Pokupec’s session will leave with actionable insights that go beyond theory. The session will provide a clear roadmap for integrating executive governance with cloud security strategies, covering topics such as the Oracle breach and the core controls every organization should have in place. Most importantly, participants will learn how to align cloud security with business risk, ensuring that security efforts are strategic, comprehensive, and effective.
Cyber resilience is not just a technical issue—it’s a leadership challenge. By embracing this shift in mindset, organizations can build stronger defenses, enhance their security posture, and navigate the increasingly complex digital world with confidence.
