25 February 2026, 18:00

22

One in three Cyprus citizens, half of businesses hit by cyberattacks

One in three Cyprus citizens, half of businesses hit by cyberattacks

One in three people and more than half of businesses in Cyprus were hit by cyberattacks in the past 12 months, according to two nationwide surveys by the Communications Commissioner and the Digital Security Authority.

The surveys revealed that 33 per cent of people experienced a cyberattack over the last year, while almost half of companies reported at least one breach.

The first survey targeted businesses and was conducted between September and November 2025 on a sample of 459 companies spanning industry, trade and services.

The second survey targeted regular individuals and was carried out during August and September 2025 on a sample of 1,043 individuals.

Among businesses, 53 per cent in 2025 reported suffering an attack or breach in the previous 12 months, compared with 47 per cent in 2024 and 49 per cent in 2023.

On average, businesses experienced one attack every eight days, marking a slight increase from 2024, when the rate stood at one attack every 10 days.

Of the businesses that suffered an incident, 51 per cent in 2025 incurred a financial cost averaging €12,000.

This represents a slight decline compared with 2024, when 55 per cent of affected businesses reported financial damage.

The most frequent form of attack remained phishing, defined as fraudulent email messages, accounting for 44 per cent of incidents.

This figure reflects a decrease of four percentage points compared with 2024 and one point compared with 2023.

Phishing was also identified as the most recent type of attack experienced by businesses, reaching 75 per cent.

Alarmingly, nearly one in four businesses has not created, updated or revised its cybersecurity policies for more than a year in order to keep pace with technological developments.

The findings also show a lack of awareness among companies regarding the existence of cybersecurity seminars, with 43 per cent stating they were unaware of such initiatives, compared with 50 per cent in 2024 and 46 per cent in 2023.

Moreover, only 22 per cent of businesses participated in such training in 2025, up from 13 per cent in 2024 and 17 per cent in 2023.

Companies that attended seminars proceeded to strengthen their security measures.

Among businesses that did not experience a cyberattack, 48 per cent believe this is because their company is not a target.

This perception has increased compared with previous surveys, standing at 37 per cent in 2024 and 38 per cent in 2023, a trend described as concerning given that any business can become a target and should take appropriate protective measures.

Turning to regular individuals, the survey found that the average number of attacks per year reached 25.9 in 2025, slightly lower than 28.5 in 2024.

The proportion of people who suffered a cyberattack stood at 33 per cent, down from 49 per cent in 2024 and 47 per cent in 2023.

Among those affected, 17 per cent incurred a financial cost, compared with 13 per cent in 2024 and 19 per cent in 2023.

The survey also showed that the average cost for individual people amounted to €141.

The highest financial cost was recorded in the 35 to 44 age group, in contrast to 2024 when the 18 to 34 group reported the highest cost, while the lowest cost was observed in the 45 to 54 age group in both 2025 and 2024.

Phishing was also the most common form of attack against individuals, accounting for 22 per cent of cases.

This represents an improvement of 17 percentage points compared with 2024 and 14 points compared with 2023.

Among people who did not experience an attack or breach in the past year, 89 per cent do not rule out the possibility of becoming victims of malicious activity in the future, an increase of 2 per cent compared with 2024.

The findings further indicate significant lack of awareness regarding the availability of cybersecurity training, as 74 per cent of people said they were unaware of such seminars, up by 4 per cent compared with 2024.

Only 15 per cent of people have participated in such actions, the findings showed.

After attending seminars, the most important changes adopted included the use of strong passwords, frequent password changes and avoiding suspicious websites.

Based on these results, the Digital Security Authority intends to organise educational seminars and awareness campaigns aimed at strengthening knowledge and skills in cybersecurity among both regular people and businesses.

Similar news

Residents of the Evros area are on alert, due to the increased water level of the river. Huge volumes of water coming down from Greece's border with Bulgaria are putting pressure on embankments and riverside lands, inten...

Icon

1 hour ago

The first vaccinations started today on cow farms, to deal with foot-and-mouth disease. 10,000 will be used initially installments of vaccines that arrived from the occupied territories. Within days, 529,000 doses will a...

Icon

1 hour ago

The Cypriot Association of Cheesemakers is following with particular concern the developments regarding the foot-and-mouth disease outbreaks found in livestock units in the province of Larnaca. The situation is very seri...

Icon

1 hour ago

The Turkish Cypriot property management service is investigating a total of 110 contracts signed by the Paphos municipality for the use of abandoned Turkish Cypriot property in the town, according to reports on Wednesday...

Icon

1 hour ago

The Minister of Finance Makis Keravnos called on the European MEPs to take into account the Cypriot livestock farmers who lost their lives due to foot-and-mouth disease. Speaking before the competent committee of the reg...

Icon

2 hours ago

Cyprus-Italy bilateral relations, the Cypriot issue and the priorities of the Cypriot Presidency of the European Union, will be at the center of President Christodoulides' two-day official visit to Rome. Tomorrow, at 2:x...

Icon

2 hours ago

The Police are investigating a new case of online fraud. According to an announcement, fake phone messages are sent allegedly from a supermarket, under the pretext of redeeming customer card points. The message is includ...

Icon

2 hours ago

The first vaccinations started today on cow farms, to deal with foot-and-mouth disease. 10,000 will be used initially installments of vaccines that arrived from the occupied territories. Within days, 529,000 doses will a...

Icon

3 hours ago

Patients and people with disabilities will no longer be required to register as lobbyists to meet state officials, chairman of the House legal committee Demetris Demetriou said on Wednesday.He was referring to a bill sub...

Icon

3 hours ago

A 33-year-old man was placed in custody after being accused of setting fire to a vehicle belonging to a 28-year-old woman in Ypsonas in the early hours of Wednesday.Police investigations revealed that the fire caused ext...

Icon

3 hours ago