Language switcher

You are here

Estonian Companies Lose Over Million Euros Annually to Cyberattacks

In recent years, Estonian companies have incurred losses exceeding more than a million euros annually due to cybercrime. However, the damages reported to the Information System Authority (RIA) constitute only the tip of the iceberg. In order to better protect local businesses, it is important to raise awareness of cyber threats and offer effective security measures for companies.

Nowadays, all business is conducted over the internet. In Estonia, there are approximately 170,000 companies with up to 50 employees. Most of them are micro-enterprises, with only one board member listed as an employee. According to Tõnu Tammer, Executive Director of CERT-EE, the maintenance of IT sustainability is one of the core facets of effective business operation. "Modern cyberattacks disable servers or computers, thereby paralysing the functioning of entire companies. Although pen and paper offers an alternative mode of working, we still need data and thus, pens and paper are of little help. It is also not a particularly practical option and it will definitely not compensate for the damage incurred," elaborated Tammer.

Despite the urgency of the problem, there are still many entrepreneurs who have not given it any consideration or taken any steps to minimise the risk of cyberattacks. The problem is particularly acute for small and medium-sized enterprises. Statistical figures indicate that the smaller the company, the less attention it pays to cyber security. "It is completely natural that their primary focus is on keeping the business running, but cyber security should not be overlooked in the process. Otherwise, the cybercriminals will have a field day. First, they will assess how easy it is would be to access the information system of a particular company they have decided to target, and once the ball starts rolling, it creates a snowball effect,” says Tammer.

In 2019, the types of cyber incidents that caused the most financial damage to Estonian companies were the CEO Fraud Scheme, obtaining illegal access to company e-mail accounts, and financial fraud resulting from inbox monitoring. "The CEO Fraud Schemes entails short and concise emails sent under the name of the CEO to the company’s accountant with a request for a quick transfer money to an unknown account. In the second case, the cybercriminals target and hijack business-to-business conversations on monetary transactions, and surreptitiously change the bank account details on invoices,” explains Tammer. In addition, Estonian companies have also suffered significant losses due to ransomware attacks, where cybercriminals encrypt the contents of a device and demand money for decryption. Although hundreds of Estonian businesses have fallen victim to such attacks, a large number of companies have not implemented any security measures to protect themselves. "Most Estonian companies do not even have internal cyber security rules or procedures that would minimise the frequency of such cyber incidents and their negative impact," explained Tammer.

Although cyber awareness has been gradually increasing among Estonian companies, there is still room for improvement. We must also bear in mind that cybercriminals are always striving to get ahead of their victims, which is why they are constantly seeking new ways to ambush entrepreneurs. "CEOs must be aware of those risks and how to identify the most common cyberattacks in order to protect their employees, assets and reputation. However, even that is not always enough, because companies that actively invest in their cyber security may also suffer damages due to the ignorance of their business partners,” explains Tammer. Cyber criminals do not really care about the size of the company or their area of activity, they are primarily interested in monetizing the information procured.

To help local businesses counter these threats, the Estonian Information System Authority – RIA – has launched an information campaign targeting small and medium-sized enterprises and focusing on the types of cyber incidents that have incurred the most financial damage to companies in recent years. “Our campaign aims to increase the safety of the Estonian business environment and cyberspace. Raising awareness about cyber threats will help foster better understanding among entrepreneurs about their own role and responsibilities in avoiding major losses that can be secured with a few clicks or a modest investment,” says Tammer. In Estonia, cybercrime-related losses commonly amount to a couple of thousand euros; this year, the largest amount lost in a single incident exceeded 100,000 euros.

For cyber security measures and recommendations for companies, please visit Information is available in Estonian and Russian. 

Banners in Estonian:

Seiko Kuik
press officer
6630 256
5851 7028

More news on the same subject


Estonia was hit by a third wave of malware – always verify the sender’s address before clicking!

16.10.2020 – The monitoring conducted by the Information System Authority (RIA) and information received from the partners show that the Emotet malware, which can be concealed in documents, files, or under links in e-mails, has infected another large set of computers in Estonia.


Topics of RIA’s quarterly overview: a clever Trojan is taking over Estonians’ computers and the HOIA app is safe

06.10.2020 – The computers of more than a hundred Estonians were infected with the Emotet Trojan. This malware, which creates access to a user’s computer for carrying out further attacks, has affected Estonian trade, transport, and construction companies as well as one smaller government agency. In addition, the Information System Authority (RIA) recommends downloading the HOIA app to limit the spread of the coronavirus and keeping your smart devices updated.