One in two people in Cyprus was a victim of a cyber attack in 2024 and nearly half of businesses were attacked/breached in the last 12 months, according to the Digital Security Authority's Consumer Survey on Cybersecurity published on Thursday by the Office of Commissioner of Communications.
The main issues assessed in the survey concerned the way cybersecurity or digital security issues are handled, the assessment of the importance attached to these issues, how to deal with cyber-attack incidents, and the consequences of incidents.
The first survey, the relevant press release says, was addressed to businesses and the second survey was addressed to citizens, with the two surveys being conducted in parallel in September-October 2024 on a sample of 1001 citizens and 450 businesses from a wide range in the industrial, commercial and service sectors. The results of the survey were presented at a meeting of stakeholders and authorities held on 19 November 2024.
According to the results of the business survey, in the last 12 months 47% of businesses have been attacked/breached with an average of 1 attack every 10 days. Of the businesses that were attacked, more than half (56%) incurred an average financial cost of €12,000.
According to the survey, the most common attack on businesses (40%) is phishing, through fraudulent emails. Phishing also remains the most recent attack received by businesses reaching 71%.
The other survey showed that 49% of respondents were attacked in the last 12 months, with an average of 28.5 breaches/attacks per year. Of the citizens attacked, 13% had an average cost of €62. Although the average number of attacks has increased from 25.9 to 28.5, there has been a decrease in the cost of cyber-attacks, which may be due to the increased ability of citizens to recognise fraudulent messages.
The most common attack that citizens are subject to is also phishing, with 39%. In the case of citizens who have not been attacked/violated in the last year, 87% do not exclude the possibility of being a victim of a malicious attack in the future.
Based on the above results, the Digital Security Authority said it intends to organise training seminars to enhance cybersecurity knowledge and skills as well as awareness raising campaigns in the near future for both citizens and businesses.