Lithuanian PM orders 70 public sector bodies to fix cybersecurity flaws by August

Lithuanian Prime Minister Ingrida Šimonytė has given 70 public sector organisations until the end of August to address critical cybersecurity vulnerabilities in their systems, state broadcaster LRT reports.

The directive follows a large-scale data breach at the Centre of Registers (RC) earlier this year, which exposed over 500,000 property records. According to the National Cyber Security Centre (NKSC), many public institutions have yet to fully implement requirements under Lithuania’s Cyber Security Law, with 27 organisations failing to complete even a single mandated action.

“For too long, there has been a belief that cybersecurity can wait. It cannot,” Šimonytė wrote in a Facebook post on Thursday. She warned that if organisations continue to delay compliance, leadership accountability measures and funding consequences will be considered.

The NKSC reports that while 47 institutions have begun addressing the requirements, their progress remains insufficient. Key tasks include appointing cybersecurity officers, connecting to the NKSC’s Cyber Security Information System, conducting risk assessments, and preparing management plans. The system is designed to enable real-time monitoring and rapid response to vulnerabilities.

In April, Lithuania’s Prosecutor General’s Office launched a pre-trial investigation into the RC breach, which allegedly resulted in the unauthorised access of more than 600,000 real estate registry extracts between January and its discovery. The State Data Protection Inspectorate later revised the estimated number of affected individuals to around 500,000.