Cyberattacks have rapidly evolved from a vague digital concern into a tangible and costly threat for businesses worldwide. Once considered distant risks, they now represent a pressing reality, with incidents increasing in frequency and sophistication — often without ever making headlines.

A Lucrative Shadow Economy

Cybercrime has become a global economic superpower in its own right. In 2024 alone, it generated an estimated $9.5 trillion in revenue. If cybercrime were a country, it would rank as the third-largest economy in the world, trailing only the United States and China. The economic damage it causes surpasses even the annual losses from natural disasters and the global drug trade.

These attacks are no longer the work of lone hackers. According to Professor Diomidis Spinellis of the Athens University of Economics and Business, highly organized criminal networks are behind them, operating with strategic precision. Their motivation is clear: profit. And their targets? Wherever the money is.

Greece: A Hotspot for Attacks

Greece has become a disproportionate target. In the first quarter of 2024 alone, approximately 1,100 cyberattacks occurred each week in the country. Worldwide, companies running Microsoft software faced nearly 600 million attacks.

One striking example is the case of Fourlis Group, the company operating popular international brands such as IKEA and Intersport in Greece. Just before Black Friday, Fourlis suffered a major cyberattack that crippled its digital infrastructure, especially IKEA’s online store. The estimated damage reached €20 million — and that figure excludes any ransom payment, according to the company.

Fourlis President Vassilis Fourlis admitted the company had underestimated the threat. In response, they have taken robust cybersecurity measures, including creating a digital committee at board level, appointing a Chief Information Security Officer, and implementing 24/7 monitoring systems that have since prevented further attacks.

Global Incidents with No Discrimination

Cybercriminals do not discriminate based on size or industry. From airlines to retail giants, no sector is immune. Australian airline Qantas was recently attacked via its call center, putting millions of customer records at risk. Although no financial data was leaked, the breach underscored how even industry titans are vulnerable.

British retailer Marks & Spencer was also hit hard, forced to suspend online orders for nearly seven weeks. The attack caused a notable drop in sales and market share, further demonstrating the wide-reaching impact of cyber threats.

How Hackers Infiltrate

According to Nikitas Kladakis, General Director of cybersecurity firm Adacom, hackers usually operate quietly and in waves, targeting system vulnerabilities without immediate detection. Their goal isn’t destruction but extraction — gaining control over sensitive company data and setting up backdoor access for long-term exploitation.

Most attacks occur between midnight and 6 AM to avoid detection. Once data is exfiltrated, the criminals reveal themselves and demand ransom, typically in cryptocurrency. Their ultimatum: pay up or risk your data being leaked on the dark web — or worse, handed over to competitors.

As Kladakis explains, many companies reluctantly pay the ransom. The attackers use complex, international networks, making it nearly impossible to trace them. Cryptocurrency is preferred for its anonymity, making traditional law enforcement responses difficult.

Prevention Over Cure

Despite the growing threat, many companies remain hesitant to invest in cybersecurity. The cost is significant — a full service package with around-the-clock monitoring and recovery can average €170,000 annually, with some reaching up to €500,000. But compared to the potential damages, the expense may well be justified.

Kladakis stresses the importance of early detection and prevention. Specialized firms can identify warning signs before an attack unfolds, allowing immediate intervention. Artificial Intelligence (AI) plays a growing role in speeding up detection. However, he warns, the same technology is also being exploited by cybercriminals to enhance the effectiveness of their attacks.

Financial Sector on High Alert

Cybersecurity is now a top priority for banks and financial institutions. According to rating agency DBRS, the threat poses a serious risk to financial stability. The rapid shift to digital banking — accompanied by branch closures — has opened new vulnerabilities.

European banks frequently face ransomware, DDoS attacks, phishing, vishing, and spoofing. AI-generated fake accounts are on the rise. Political motivations have also driven attacks, particularly after the 2022 invasion of Ukraine.

In 2024, the European Central Bank (ECB) conducted its first cyber-resilience stress test on 109 banks. The results showed room for improvement, with the ECB making operational resilience and digital transformation key supervisory priorities for 2025–2028.

DBRS warns that the interconnectivity of global financial systems means that a serious, prolonged cyberattack could trigger a broader financial crisis.

The Broader Business Landscape

The threat is not limited to financial institutions. According to the Royal Institution of Chartered Surveyors (RICS), over a quarter of UK businesses were hit by cyberattacks in the past year. Nearly 75% of business leaders expect future disruptions. Alarmingly, many continue to rely on outdated operating systems, revealing a dangerous gap between awareness and preparedness.