When a passing truck can plunge half of the public sector offline, something is profoundly wrong.

On Tuesday, Cyprus’s digital infrastructure once again proved alarmingly brittle. For nearly five hours, government websites and ministries—including the Presidential Palace—were left without internet access after an aerial cable belonging to a telecom provider was accidentally cut. The collapse of key platforms like Ariadni, Taxisnet, and CY Login forced public servants into a standstill and left citizens unable to access basic online services.

Officials were quick to clarify that the outage wasn’t the result of a cyberattack. But that only made things worse: the fact that a simple cable could paralyze the state raises unsettling questions about redundancy, preparedness, and the architecture of Cyprus’s entire digital ecosystem.

As the acting Deputy Director of the Deputy Ministry of Innovation, Giorgos Komodromos, admitted during a live broadcast, “The line feeding the government node with internet has been cut.” When asked whether the entire system depended on one line, he insisted there were backups—but investigations are “underway” to determine why they failed.

This latest blackout came just days after an actual cyberattack on September 30—one that targeted the postal system’s Thalis platform and exposed sensitive data linked to ministries, embassies, the police, and even the Presidential Palace. Cyprus Post did not disclose the attack, which became known only in the past 48 hours.

The hacker, operating under the alias ByteToBreach, claimed to have stolen thousands of documents and posted samples on the dark web, including diplomatic correspondence and police communications. International cybersecurity outlets such as Darknet Search and Daily Dark Web described the incident as potentially one of the most significant breaches in Cyprus’s history, warning of possible cyber-espionage motives.

Authorities were again slow to react. The Cyprus Post did not immediately report the incident to the Cybercrime Unit, while officials initially downplayed the severity—insisting that “no classified content” was leaked and that “only delivery data” were exposed. Yet the stolen material reportedly contained internal network information, emails of state employees, and correspondence with foreign diplomatic missions.

The above recent cases highlight that strengthening redundancy, cybersecurity, and coordination is no longer optional; Cyprus must ensure that the next disruption—whether from an accident or an attack—meets resilience, not paralysis. Because if a passing truck can still bring the government to a halt, the country is far from ready for a truly hostile test.