Another record year for cyber incidents
As discussed in this yearbook, Estonia experienced a record number of reported cyber incidents with an impact in 2024.
Looking at the latter half of the year, especially the final months and weeks, we anticipate this upward trend will continue into 2025. While the rate of increase may not be as steep, it would be naïve to expect a decline. This continued rise is driven by both the growing capabilities of cybercriminals and increasing public awareness that incidents should be reported to RIA’s Incident Response Department at [email protected] or via raport.cert.ee.
An increased likelihood of a major incident
Cybersecurity is never a finished task.
As technology evolves, so do the opportunities for criminals and state-backed groups to cause harm – whether for financial gain, espionage or disruption of critical services.
In reality, as demonstrated by the destruction of several underwater cables in the Baltic Sea since October 2023, taking down critical infrastructure does not always require sophisticated cyberattack capabilities. Sometimes, all it takes is an ageing vessel with an anchor that fails to stay aboard.
No matter how well RIA prepares to prevent and counter cyber incidents, or how seriously Estonian institutions, businesses and individuals strive to protect themselves, the attacker always holds the advantage.
Suppose we imagine Estonia’s cyberspace as a sprawling summer meadow, alive with blooming flowers, birdsong and children at play. In that case, we must also picture a high fence meant to shield it from malicious intruders. This fence must be impenetrable at every point, requiring constant vigilance from defenders across the entire perimeter.
Meanwhile, the attackers need only a single ladder to climb over or one tool to break through. Under these conditions, the question is not if a serious incident will occur, but when.
Growing awareness of China’s role in cyber security
In the final months of 2024, several news stories in Estonia highlighted China’s influence, including its implications for cyber security. One widely discussed topic was whether the city of Tallinn should use TikTok, a platform controlled by the Chinese government – this later evolved into a broader debate on whether Estonia should ban TikTok, which helps train China’s artificial intelligence systems.
Another major issue was the arrival of Chinese BYD electric vehicles into the Estonian market, with concerns that their data is transmitted to servers in China, where authorities have access. Discussions also arose over whether Chinese-made routers are secure and should be used.
These debates paralleled questions raised in September about members of the Estonian Parliament’s China Friendship Group, some of whom travelled to China on visits partially funded by the Chinese state. All of this unfolds against the broader backdrop of China’s close ties with Estonia’s eastern neighbour, its stance on Russia’s aggression against Ukraine and its military manoeuvres around Taiwan.
China’s role in cybersecurity will not fade in 2025 – or beyond.
We expect growing awareness of these red flags to influence consumer and policy decisions.
When products from a particular country systematically transmit user data to that country’s authorities – and when that country stands on the opposite side of major global value divides from Estonia and its allies – it is worth thinking twice before buying the latest Chinese gadget or letting children install TikTok on their phones.
AI continues to grow
Artificial intelligence is advancing at an extraordinary pace. In addition to more sophisticated phishing emails, cybercriminals now use AI applications to generate attack codes. In hindsight, it has also become clear that AI-generated code was used in attacks against Estonian heating plants and water stations during the wave of cyber incidents following the outbreak of the Israel-Hamas conflict at the end of 2023.
One of the world’s best-known artificial intelligence developers, OpenAI, reported in October 2024 that its AI-powered chatbot, ChatGPT, had been used to prepare cyberattacks, including for developing malware, spreading disinformation and producing phishing messages. The report specifically mentioned China, Iran and Russia. Of course, AI is also being harnessed for defence, setting the stage for an especially dynamic and challenging period in cybersecurity.
Another major data breach on the horizon?
Data protection was also featured in last year’s cybersecurity forecast, following several significant data leaks in 2023.
At the time, we expressed hope that public exposure of these cases would encourage institutions and companies to improve their ability to protect the personal data entrusted to them. However, just days after the publication of our 2024 yearbook, RIA learned of yet another – and by far the largest – personal data breach in Estonia, details of which are covered in this edition. Fortunately, Estonia has seen no further large-scale violations since then, but there is no reason to assume that the most recent one will be the last.
Last updated: 17.02.2025
