Cyberattacks have impacted one in three citizens and more than half of businesses in Cyprus over the past year, according to recent surveys conducted by the Communications Commissioner and the Digital Security Authority.
- Among those who attended seminars, the most common changes implemented included the use of strong passwords, frequent password updates, and greater caution when navigating online.
- As the data reveals, the fight against cybercrime requires a collective effort from individuals and businesses alike to bolster security measures and remain vigilant against potential threats.
Survey Findings Reveal Scope of Cyberattacks
The two nationwide surveys indicate that 33 per cent of individuals reported experiencing a cyberattack in the last 12 months, while 53 per cent of companies encountered at least one breach. This marks an increase from previous years, highlighting the growing prevalence of cyber threats.
Business Survey Insights
The first survey targeted businesses and was conducted between September and November 2025, involving a sample of 459 companies across various sectors including industry, trade, and services. The findings reveal that the frequency of attacks has risen, with businesses facing an average of one attack every eight days, compared to one every ten days in 2024.
Of the businesses affected, 51 per cent reported incurring a financial cost, averaging €12,000 per incident. This represents a slight decline in the proportion of companies experiencing financial damage, down from 55 per cent in 2024.
Phishing Remains Predominant
Phishing, characterised by fraudulent email messages, continues to be the most common attack method, accounting for 44 per cent of reported incidents. Although this figure has decreased slightly from previous years, it remains a significant concern. Notably, 75 per cent of businesses that experienced a cyberattack reported phishing as the most recent form of attack.
Concerns Over Cybersecurity Preparedness
Alarmingly, nearly one in four businesses has not updated their cybersecurity policies in over a year, raising concerns about their preparedness against evolving threats. Furthermore, 43 per cent of companies were unaware of available cybersecurity seminars, indicating a lack of engagement with resources that could enhance their security measures. Participation in such training has increased slightly, from 13 per cent in 2024 to 22 per cent in 2025, suggesting a growing recognition of the importance of cybersecurity education.
Impact on Regular Citizens
Turning to the individual survey conducted during August and September 2025, which included 1,043 participants, the findings show a reduction in the proportion of people suffering cyberattacks, down to 33 per cent from 49 per cent in 2024. Despite this decrease, the average number of attacks per person remains high, at 25.9 annually.
Financial Implications for Individuals
Among those affected, 17 per cent reported incurring financial losses, with an average cost of €141 per attack. The age group of 35 to 44 years recorded the highest financial impact, contrasting with previous years where younger individuals faced greater costs.
Increased Awareness of Cyber Threats
Phishing also represented the most common attack against individuals, accounting for 22 per cent of cases. This figure marks a significant improvement from previous years, suggesting that individuals may be becoming more aware of this threat. Despite the reduction in the proportion of people experiencing attacks, 89 per cent of individuals who did not encounter a breach acknowledged the possibility of becoming victims in the future, an increase from 2024.
Need for Enhanced Cybersecurity Awareness
The surveys further revealed a significant lack of awareness regarding cybersecurity training, with 74 per cent of respondents unaware of available seminars. Only 15 per cent of individuals participated in such training, indicating a pressing need for better outreach and education on cybersecurity practices.
Among those who attended seminars, the most common changes implemented included the use of strong passwords, frequent password updates, and greater caution when navigating online.
Future Initiatives by the Digital Security Authority
In light of these findings, the Digital Security Authority plans to organise educational seminars and awareness campaigns aimed at enhancing knowledge and skills in cybersecurity for both the general public and businesses. This initiative is crucial as the digital landscape continues to evolve and threats become increasingly sophisticated.
As the data reveals, the fight against cybercrime requires a collective effort from individuals and businesses alike to bolster security measures and remain vigilant against potential threats.
