Cyprus is making efforts to bolster its cybersecurity defenses, but financial constraints and long-standing neglect of critical infrastructure remain significant obstacles. The issue was discussed in the Parliamentary Audit Committee, where officials raised concerns over the government’s slow response to cyber threats despite recent attacks on public institutions.

Petros Galides, Deputy Communications Commissioner, accused the Ministry of Finance of failing to allocate necessary funds to protect key public infrastructure from cyberattacks. Speaking before the committee, he highlighted that while private sector critical infrastructure has complied with cybersecurity upgrade requirements, several public sector entities remain inadequately protected due to budget limitations.

His remarks followed recent cyberattacks on the Department of Lands and Surveys and the Open University of Cyprus, which exposed vulnerabilities in government systems. Despite the urgency of the issue, officials noted that funding requests for cybersecurity enhancements are repeatedly denied.

The direct financial impact of cyberattacks on public institutions in Cyprus has exceeded €400,000 over the past two years, according to Galides. However, officials emphasized that the indirect economic cost of cyber incidents is far greater, as they can disrupt essential services and erode public trust.

The Deputy Minister for Research, Innovation, and Digital Policy, Nikodimos Damianou, also warned that cybersecurity had been neglected for decades, leaving the country vulnerable. He acknowledged that the government has only recently started implementing security mechanisms, with €8.5 million allocated for cybersecurity measures in the 2025 budget.

This budget includes projects aimed at strengthening cybersecurity in key services such as road transport, social insurance, corporate registry, postal services, and education administration. Additionally, since October 2024, cybersecurity protections have been enhanced in 11 critical government systems.

A 2023 cyberattack on the Department of Lands and Surveys alone cost the government €135,000 in direct expenses. Officials pointed out that the true financial toll of such incidents is difficult to calculate, as they disrupt citizens’ access to services and undermine economic stability.

Despite efforts to modernize cybersecurity infrastructure, the Digital Security Authority (DSA) lacks an approved budget for 2025, raising concerns about its ability to continue operations. The agency employs around 120 staff, with only 67 on permanent contracts, while the rest work under temporary service agreements, creating staffing instability.

Galides emphasized that slow bureaucratic approval of cybersecurity measures hinders progress, warning that delayed implementation leaves government services vulnerable to cyber threats.