In 2024, one in two individuals in Cyprus fell victim to a cyber attack, and nearly half of businesses experienced security breaches, according to the Digital Security Authority's Consumer Survey on Cybersecurity, published by the Office of the Commissioner of Communications on Thursday.

The survey evaluated how cybersecurity issues are handled, the importance attached to them, responses to cyber attacks, and the consequences of such incidents. Conducted between September and October 2024, it included two parts: one targeting businesses and the other citizens. The study surveyed 1,001 citizens and 450 businesses across various industrial, commercial, and service sectors, with results presented on November 19, 2024, to stakeholders and authorities.

Over the past 12 months, 47% of businesses reported experiencing cyber attacks or breaches, averaging one attack every 10 days. Among affected businesses, more than half (56%) incurred financial losses, with an average cost of €12,000 per breach.

• Phishing was the most common attack, affecting 40% of businesses.

• 71% of the most recent attacks also involved phishing, typically through fraudulent emails.

Among citizens, 49% reported experiencing cyber attacks in the last 12 months, with an average of 28.5 attacks per year. While the frequency of attacks increased compared to previous years (from 25.9 to 28.5 annually), the average financial impact decreased, with victims reporting an average cost of €62 per incident. This decline may reflect improved awareness and ability to recognize fraudulent messages.

• Phishing was also the top threat for citizens, affecting 39% of respondents.

• Among those who avoided attacks in the last year, 87% believed they might still fall victim to future malicious activity.

In light of these findings, the Digital Security Authority announced plans to launch training seminars to enhance cybersecurity skills and awareness campaigns targeting both citizens and businesses. These initiatives aim to reduce vulnerabilities and mitigate the financial and operational impact of cyber threats in the future.