Cyberattacks surge across Cyprus, striking one in three citizens and over half of businesses

One in three people and more than half of businesses in Cyprus have been targeted by cyberattacks over the past year, according to two nationwide surveys carried out by the Communications Commissioner and the Digital Security Authority, highlighting growing digital threats across the country.

The findings showed that 33 per cent of individuals experienced a cyberattack within the last 12 months, while nearly half of companies reported at least one security breach during the same period.

The business-focused survey was conducted between September and November 2025 and included 459 companies from sectors such as industry, trade and services. Meanwhile, the survey examining individuals was carried out between August and September 2025 and included a sample of 1,043 participants.

Among businesses, 53 per cent reported suffering an attack or breach in the previous year in 2025, up from 47 per cent in 2024 and 49 per cent in 2023. On average, companies faced one cyberattack every eight days, an increase from one every 10 days recorded in 2024.

Of the businesses affected, 51 per cent said the incidents resulted in financial losses averaging €12,000. This marked a slight improvement compared with 2024, when 55 per cent of impacted businesses reported financial damage.

Phishing, described as fraudulent email messages, remained the most common form of cyberattack, accounting for 44 per cent of incidents among companies. This represented a decrease of four percentage points compared with 2024 and one percentage point compared with 2023. However, phishing was also the most recent type of cyberattack experienced by businesses, reaching 75 per cent.

Despite the rising threat, nearly one in four businesses has not created, updated or revised its cybersecurity policies for more than a year, raising concerns about whether organisations are keeping pace with technological developments.

The survey also revealed limited awareness of cybersecurity training opportunities. Some 43 per cent of companies said they were unaware that cybersecurity seminars existed, although this figure showed some improvement from 50 per cent in 2024 and 46 per cent in 2023.

Participation in such training remained relatively low, with only 22 per cent of businesses attending seminars in 2025, compared with 13 per cent in 2024 and 17 per cent in 2023.

Businesses that did participate in cybersecurity seminars subsequently strengthened their protective measures.

Among companies that did not experience a cyberattack, 48 per cent said this was because they believed their business was not a target. This perception has grown compared with 37 per cent in 2024 and 38 per cent in 2023, a trend described as concerning because any organisation can potentially be targeted and should adopt protective measures.

Turning to individuals, the survey found that the average number of cyberattacks per person reached 25.9 in 2025, slightly lower than the 28.5 recorded in 2024.

Overall, 33 per cent of people reported experiencing a cyberattack, a notable decline from 49 per cent in 2024 and 47 per cent in 2023.

Among those affected, 17 per cent suffered financial losses, compared with 13 per cent in 2024 and 19 per cent in 2023. The average financial loss per individual stood at €141.

The highest financial losses were recorded among people aged 35 to 44, whereas in 2024 the greatest losses had been reported by the 18 to 34 age group. The lowest financial losses were observed among those aged 45 to 54 in both 2025 and 2024.

Phishing was also the most common cyberattack targeting individuals, accounting for 22 per cent of incidents. This represented a significant improvement, decreasing by 17 percentage points compared with 2024 and by 14 percentage points compared with 2023.

Among individuals who did not experience an attack over the past year, 89 per cent said they did not rule out the possibility of becoming victims in the future, an increase of two percentage points compared with 2024.

The results also highlighted a major lack of awareness about cybersecurity education. Some 74 per cent of people said they were unaware of cybersecurity seminars, up by four percentage points compared with the previous year. Only 15 per cent of individuals said they had participated in cybersecurity training.

Those who attended seminars reported making important changes to improve their protection, including using stronger passwords, changing passwords more frequently and avoiding suspicious websites.

In response to the findings, the Digital Security Authority said it plans to organise educational seminars and awareness campaigns aimed at improving cybersecurity knowledge and strengthening digital protection among both businesses and the general public.

By fLEXI tEAM