Approximately one in two businesses in Cyprus (49%) experienced some kind of cyber-attack/breach in the last 12 months according to a survey conducted by the Digital Security Authority. At the same time similar was the percentage of individuals who were cyber attacked (53%).

According to a press release, the Digital Security Authority conducted two surveys in October-December 2023 to collect data and information on cyber security in the territory of Cyprus. The first survey was addressed to businesses and the second to citizens.

The main results of the survey concerning businesses, were presented at a meeting of stakeholders and authorities held on December 19, 2023.

According to the survey, almost half of businesses (49%) have experienced an attack/breach in the last 12 months with an average of one attack per week, up from 3-4 attacks per month compared to last year. Also, of the businesses that were attacked, for almost half (46%) there was a financial cost that amounts to €27.000 on average, an increase of about €4.000 compared to last year.

According to the survey, the most frequent attack is phishing, i.e. fraudulent email messages with 43% (7% increase compared to last year). At the same time, almost one in four companies has more than one year to create or update or revise their cybersecurity policies to keep up with technological developments.

Also, the research showed that there is ignorance by the companies about seminars offered on cyber security since almost half of the companies (46%) do not know about those seminars while only 17% participated in them. It is worth mentioning that all businesses that participated in a seminar, became aware and took actions to strengthen their security measures.

Finally, the average amount that companies invest in cyber security tools and services per year amounted to approximately 11 thousand euros.

As regards individuals, 53% of citizens have been attacked in the last 12 months with an average of 25.9 breaches/attacks per year, a significant increase from last year of around 25%. At the same time, out of the individuals who were attacked 19% of them had a cost amounting to 141 euros on average. Although the average number of attacks increased from 20.9 to 25.9 there is a decrease in the cost of cyberattacks (-177 euros), which is probably due to the enhanced ability of citizens (+9%) to recognize fraudulent messages.

The survey also showed that the most frequent cyberattack on citizens is phishing, i.e. fraudulent e-mail messages with 36% showing an increase of 6% compared to last year and also that in the case of citizens who did not experience any kind of attack/breach last year, 89% do not rule out the possibility of falling victim to a malicious attack in the future. This percentage increased by 7% compared to last year which shows that citizens are more aware of cyber dangers.

Finally, it became clear that there is ignorance of the citizens about offered seminars on topics related to cyber security since 74% declared ignorance about them while only 11% have participated in seminars.

It is noted that the two surveys were conducted in parallel on a sample of 1006 citizens and 444 businesses from a wide range in the sectors of industry, trade and services.

Based on the aforementioned results, the Digital Security Authority notes that it intends to organize training seminars to strengthen knowledge and skills in cyber security matters as well as information and awareness campaigns in the near future for both citizens and businesses.

Finally, it is noted that these surveys constitute the second in a series of image mapping in cyber security issues in businesses and citizens in Cyprus and that the mapping will continue on an annual basis and will be enriched based on the developments and the information needs to come up.