2025 highlighted in the clearest way that the digital world no longer functions solely as a field of innovation and development, but as a space of increasing and continuously evolving risk for businesses, organizations, and citizens. Technological progress moves rapidly, yet at the same pace, the practices of digital crime evolve, creating an environment in which security can no longer be taken for granted.
Stella Tsitsoula, Communications Advisor and President of the Hellenic Institute of Cybersecurity, describes to Tornos News a landmark year, during which cybersecurity ceased to concern only specialists and became a matter of everyday relevance for businesses and citizens. The past year did not just bring more incidents, but smarter, more targeted, and more convincing threats. The scale of the problem is clearly reflected in the numbers, as the global cost of cybercrime now reaches $10.5 trillion, making it the largest form of organized crime internationally, with each organization facing an average of around 2,000 cyberattacks per week, and 88% of organizations having experienced at least one incident in 2025.
The Greek reality followed the same trend, confirming that digital risk knows no geographical boundaries. In the first quarter of 2025, approximately 1,300 cyberattacks were recorded per week, with periods in which the increase reached 30% to 40% compared to the previous year, indicating that the phenomenon is not temporary but ongoing, requiring systematic approach and management.
Beyond frequency, 2025 highlighted primarily a change in the nature of attacks. Online fraud became smarter and more targeted, with perpetrators investing less in mass scale and more in precision and personalization. In several cases, the overall number of incidents decreased, yet the financial gain per attack increased significantly, showing that victim selection is now made with greater strategic thought.
Phishing and social engineering remained the dominant forms of digital fraud. In 2025, more than 1.6 million phishing websites were created, while over 1 million incidents were deemed successful, with Stella Tsitsoula noting that almost half of breaches started from stolen or compromised passwords, reminding us that the human factor remains the most vulnerable point in any system.
The impact of artificial intelligence was also decisive, as 2025 marked the explosive rise of deepfake scams, with voices, videos, and messages that are difficult to distinguish from authentic ones. According to her, emails created with AI tools showed up to twice the effectiveness, with response rates exceeding 50%, while the personalization of attacks reached levels that make deception more convincing than ever.
At the same time, artificial intelligence also functioned as a defense tool for organizations that invested in their digital resilience. Real-time threat detection systems, automated behavior analysis, and incident prevention mechanisms strengthened the capacity for timely response, confirming that AI is a dual-use tool, enhancing both attackers and defenders.
At the institutional level, 2025 was linked with stricter regulatory frameworks and increased compliance requirements. The implementation of the NIS2 regulation in the European Union set new obligations for public and private sector organizations, strengthening cooperation, preparedness, and collective response to major cyber threats, while also highlighting the importance of international collaboration against a phenomenon that now operates through organized and transnational networks.
The outlook for 2026 suggests that attacks will become even more automated, persuasive, and multichannel, making a more holistic approach to cybersecurity necessary. Technology remains a critical tool, but is not sufficient on its own, as education, awareness, and the cultivation of a digital security culture emerge as key factors of resilience in an environment where digital risk has become part of everyday life.
