Logo

Estonia’s cybersecurity starts with you

How can we tackle the record number of cyberattacks and security vulnerabilities Estonia faced last year? The answer starts with individual responsibility – strengthening your own defences first, then helping those around you, writes Gert Auväärt, Director of NCSC-EE and Deputy Director-General of RIA.

Let’s begin on a positive note. Last year brought significant technological advances that opened new opportunities in both the economy and in research. However, this progress relies on increasingly complex digital infrastructure, which also creates more opportunities for  cybercriminals.

A decade ago, few could have predicted the scale that cybercrime would reach. Today, it ranks as the world’s third-largest ‘economy’, behind only the United States and China.

We have reached a point where cybersecurity must be seen as a basic necessity for individuals, businesses and states alike. Just as you make sure your wallet and keys are secure before leaving home, the same level of caution should apply when using a smartphone or computer to protect your data and assets.

Tumehallis ülikonnas tumepunase lipsuga mees seisab heledas akenderohkes koridoris

Defending Estonia's digital boarders

RIA develops and manages the core foundations of Estonia’s digital state while also acting as the backbone of national cybersecurity. RIA responds to threats, prevents incidents and safeguards Estonia’s digital borders. To ensure the resilience of Estonia’s digital society, cybersecurity must be strategically embedded across all sectors and adapted to local needs within international cooperation efforts.

Alongside protecting state services, RIA also bolsters critical infrastructure and raises public awareness of cyber threats.

The new Estonian Cybersecurity Strategy 2024–2030 is focused on achieving these objectives. In light of the changing security landscape, we must review cybersecurity, information security and crisis management laws to uphold best practices and guarantee the uninterrupted operation of Estonia’s services.

A record year for cyberattacks

In 2024, RIA registered a record 6,515 cyber incidents with an impact in Estonia. Globally, a record-breaking 40,287 security vulnerabilities were identified – each a potential entry point for cyberattacks. These are not just numbers; they are a warning that cybercriminals have more opportunities than ever, the attack surface is expanding, and the overall threat landscape is deteriorating.

Hackers infiltrated US telecommunications companies, Romanian authorities annulled the first round of their presidential election due to cyber interference, and major data breaches and software failures shook the global economy. Cyberattacks are no longer just a technological issue: they affect elections, economies and even the fundamental structures of society.

Estonia’s success as a digital state brings with it a significant responsibility.

The number of national databases has tripled over the past decade, increasing the attack surface and highlighting the need for effective shared cybersecurity solutions – both in the public and the private sector.

This is where RIA plays a crucial role: by providing central services such as X-Road and authentication solutions, we reduce redundancy and allow organisations to focus on their core activities.

Another key asset is RIA’s unique cyber reserve, which is composed of experts from RIA, other state IT agencies and the Estonian Defence League’s Cyber Unit. If a cyber incident severely disrupts a critical service and the affected organisation lacks the capacity to resolve it swiftly, RIA’s cyber reserve can be deployed. This is not just a theoretical concept – it has already been activated on three occasions and tested in large-scale exercises at all operational levels.

Everyone has a role in cybersecurity

At its core, cybersecurity is about people.

The protection of personal and business data hinges on strong cybersecurity knowledge.

That is why we placed significant emphasis last year on increasing cyber awareness. We organised well-received workshops for older adults, provided targeted guides for young people, and updated the prevention portal itvaatlik.ee with practical advice on recognising scams and reporting incidents. Not everyone needs to be an expert, but reliable information must be easily available.

RIA’s Cyber Test has already helped over 21,000 people improve their cybersecurity skills in just two years, making it a valuable tool not only for individuals but also for businesses and institutions.

As technology advances and cybercriminals refine their methods, we will likely face even more sophisticated threats in the future, including AI-driven attacks and large-scale data breaches. Sustainable security requires integrating cybersecurity into all processes and embedding it in everyday life.

This year’s report is more than just a retrospective. It is a call to action – for individuals, organisations and the nation as a whole. Only by working together can we keep Estonia’s cyberspace secure today and prepared for the challenges of tomorrow.

The other articles of "Cyber security in Estonia 2025"

Cyber Security Yearbook

Last updated: 17.02.2025

open graph imagesearch block image