Balkan Informatics Review
Research Journalism · Southeast European Computing
Founded 2019 · Sofia · Belgrade · Bucharest · Skopje · Independent Edition

Cybersecurity in Financial Systems: Emerging Research from Bulgaria

Bulgaria does not appear, at first glance, on most observers' shortlists of countries producing notable academic work in cybersecurity for financial systems. That perception is increasingly out of date. Over the past three to four years, a small but credible cluster of Bulgarian research groups — anchored at Sofia University, the Technical University of Sofia, and a handful of institutes within the Bulgarian Academy of Sciences — has been publishing systematic work on intrusion detection, fraud analytics, secure messaging for banking infrastructure, and operational risk modeling for fintech platforms.

The output is not yet at the scale of the dominant Western European centers, but it is methodologically serious, internationally co-authored, and increasingly visible in the program committees of mid-tier security and IS venues. For a country whose financial sector is itself relatively small, the depth of the research base is somewhat surprising — and worth examining.

Three threads of work

The most active thread concerns applied intrusion detection for banking and payments infrastructure. Several Bulgarian groups have published comparative evaluations of machine-learning-based anomaly detection on transaction streams, with particular attention to the constraints imposed by real-time settlement environments and by the data minimization requirements of the EU regulatory regime. The work is engineering-flavored rather than theoretical, but it engages seriously with the trade-offs between detection latency, false-positive rates, and the operational cost of investigating alerts.

A second thread addresses fraud analytics for digital payment platforms, with a notable concentration on card-not-present transactions and on the rapidly evolving instant-payments space. Bulgarian researchers have collaborated with at least one regional bank on anonymized transaction datasets, producing applied papers that have been picked up at IS and applied data science venues. The work is not flashy, but the data access is unusual and the resulting empirical grounding is correspondingly stronger than typical academic treatments of the same questions.

A third, smaller thread addresses formal verification and protocol analysis for secure messaging in interbank settings — work that draws on Bulgaria's deep tradition in mathematical logic and formal methods, and applies it to genuinely contemporary financial-system problems.

Why Bulgaria?

Several structural factors help explain the emergence of this niche. Bulgaria has a substantial commercial software sector with active product lines in fintech and security tooling, which produces a domestic demand for applied research and an unusually willing partner base for academic-industry collaboration. The country also benefits from the broader EU framework programme funding for cybersecurity research, which has reached Bulgarian institutions consistently if not at scale.

The institutional repositioning of Sofia University FMI, which we cover in a separate piece, has also mattered — the faculty's expanded IS doctoral pipeline produces candidates who default to applied security and financial systems topics in a way that simply was not true a decade ago. The recent BulAIS international workshop in October 2024 dedicated one of its three thematic strands to exactly this material, signalling that the community has reached the size and self-confidence necessary to organize around the topic.

"We are not trying to compete with the largest European security groups. We are trying to do work that is empirically grounded in this region's financial infrastructure, and which colleagues in Western Europe will find useful precisely because it draws on systems they cannot easily access."

That positioning — applied, empirically grounded, regionally rooted, internationally co-authored — describes most of the Bulgarian cybersecurity research worth reading at the moment. It is not a strategy for short-term high-impact splash, but it is a sustainable basis for a credible national research community in a competitive field.

What to watch in 2025

Two developments are worth monitoring. The first is whether the 2025 BulAIS workshop edition expands its cybersecurity track into a stand-alone day or pre-workshop, which several attendees of the 2024 edition reportedly advocated for in closing discussions. The second is the doctoral output of the next two to three years from the Sofia groups: a generation of PhDs now entering their final years will determine whether the recent momentum produces a stable, durable cluster or whether it dissipates as senior figures retire and industry continues to outbid academic positions.

For now, the working assessment is straightforward: Bulgaria is producing more, and more interesting, academic work on cybersecurity for financial systems than its size or international visibility would predict. It deserves more attention than it currently receives.