The Middle East is once again on the brink of instability as the Israel-Iran conflict escalates from behind-the-scenes confrontations to overt hostility. However, the most dangerous and least visible front is not fought with missiles or drones—but with lines of code and silent infiltrations. This is the cyberwar, and Cyprus is deeply entangled in it.

As Brief reports, Cyprus’s geopolitical position and its growing role as a technological hub make it both a strategic asset and a potential liability in the emerging digital battlefield.

The island hosts data centers and critical infrastructure serving both European and international providers. Israeli and multinational tech, defense, and maritime firms maintain active operations on the island. Additionally, many Cypriot infrastructures act as communication and digital service intermediaries, increasing the likelihood of becoming collateral targets in broader regional cyber conflicts.

Cyprus has already experienced the impact of cyber threats firsthand:

• December 2022: A cyberattack targeted the Ministry of Defense, aiming to extract sensitive documents and compromise military infrastructure.

• 2023: Iranian-linked group MuddyWater conducted coordinated attacks on Cypriot banking servers, part of a larger Europe-wide operation.

• Ongoing incidents involve phishing and malware attempts against public sector email accounts—including critical ministries such as Foreign Affairs, Health, and Transport.

According to the National Cybersecurity Coordination Center (NCSC Cyprus), there was a 45% increase in attempted breaches on Cypriot networks between 2023 and 2024. Experts interviewed by Brief highlight several persistent and critical weaknesses:

• Decentralized public service networks lack central monitoring and log correlation.

• Inadequate encryption in internal and email communications, especially in municipalities and hospitals.

• Outdated public systems still running Windows 7 and unpatched servers.

• Absence of Multi-Factor Authentication (MFA) for remote access.

• Shared back-office application passwords with minimal activity tracing.

• Reliance on low-cost cloud services lacking proper monitoring, IDS/IPS, or geo-fencing.

• Key infrastructure systems like water utilities, energy grids, and ports operate without air-gapping protections.

The ongoing Israel-Iran cyberwar positions Cyprus as a digital buffer zone between warring entities:

• Israeli cybersecurity firms like Check Point and Cybereason actively collaborate with Cypriot authorities and financial institutions.

• Routing of data through Limassol and Larnaca increases the island’s exposure as a transit point for cyberattacks or payload transmissions.

• Cyprus risks becoming a proxy battleground, with third-party IPs used to launch attacks or test tools like sabotage malware and DDoS strikes on vital web portals.

Cyprus has taken steps to bolster its digital defenses:

• The national CSIRT-CY issues real-time alerts, reports, and technical guidelines.

• There are active information-sharing partnerships with Israel, Greece, other EU states, and ENISA.

• Investments have been made in SIEM platforms, APT detection, penetration testing, and encrypted communication for the private sector.

Still, critical challenges remain:

• No mandatory cybersecurity training for public employees.

• No centralized incident database for systematic recording and analysis.

• Limited interoperability among government systems.

• Absence of a national cyber crisis response plan.

Several studies have highlighted the scope and cost of recent cyber incidents:

• December 2023 (DSA study):

  • 49% of businesses experienced at least one cyberattack in the past year—averaging one per week.

  • 53% of citizens suffered 2–3 cyberattacks monthly.

  • Phishing saw a 43% increase among business targets.

• November 2024 (Survey Data):

  • 47% of businesses were attacked—roughly one every 10 days.

  • 56% of firms suffered financial losses, with an average cost of €12,000.

  • 49% of citizens reported breaches, averaging €62 in personal financial loss.

• January 2025 (Central Bank of Cyprus):

  • 14.3% of businesses reported cyberattacks in 2024—lower than the EU average of ~22%, yet still significant.