The evolution of cyberthreats in the EU: what role does AI play?

The European Union recorded three times more cyberattacks in the first half of 2023 than in the second half of the previous year. Besides frequency, cyberattacks and their consequences are also more diverse. The increase in the number of hacktivist groups carrying out attacks with an ideological background, particularly in the context of the war in Ukraine, has played a significant role, as have the development of artificial intelligence and the Internet of Things. The most frequent type was ransomware attacks (31%), followed by DDoS attacks (21%) and theft of personal data (20%). The most frequent targets were public administration (19%), individuals (11%), healthcare (8%), digital infrastructure (7%) and manufacturing, finance and transport. This is based on data from the European Union Cyber Security Agency and analysis by BDO.

The most common threats are currently ransomware attacks that target the data content of information systems to encrypt it or possibly take it over. Such attacks are on the rise and the trend does not seem to be slowing down anytime soon. Attackers usually demand a ransom to unlock the encrypted data, and the outcome after paying the requested amount is highly uncertain. If such an attack does occur, prompt and effective action should be taken to minimise the damage caused.

The most important thing is to quickly isolate the affected systems, limit or stop all critical operations run by the information systems, and begin restoring information systems and data from verified backups. Once normal operations are restored, a detailed analysis of the incident must be conducted to evaluate how to improve the response to similar attacks in the future.

The foundation of effective protection is a proven incident response, recovery and business continuity plan.

The next most common type of cyberthreat is the DDoS attack, which targets information systems to overwhelm them and prevent them from functioning. DDoS attacks are often the cause of internet or telecommunications outages. Such attacks are at an all-time high. Their goal is to disrupt the functioning of information systems, which is the second most common motivation for attackers after financial ones. At the same time, DDoS attacks often serve as a complementary activity to a larger attack that may already have a financial motivation.

What is the motive for cyberattacks?
  • Financial gain: any action related to funds (mainly carried out by cybercrime groups)
  • Espionage: obtaining information about intellectual property, sensitive data, classified data (usually carried out by state-sponsored groups)
  • Disruption: any disruptive action carried out for geopolitical reasons (usually by state-sponsored organisations)
  • Destruction: any destructive action that could have irreversible consequences
  • Ideology: any action backed by an ideology (e.g. hacktivism)

Today, few individuals have not had personal experience of phishing, the attempt to obtain sensitive data through fraudulent emails or fake websites that mimic well-known servers, payment portals or government websites. Attackers target people's trust and curiosity. A relatively new tactic is deceiving users, for example through seemingly trusted phone calls, to obtain valuable access data.

Companies should therefore carefully set up appropriate security measures, educate employees about existing risks and train them on how to resist and prevent the most common attacks.

What are the most common impacts of cyberattacks?
  • Digital impact: damage or loss of systems and data, corruption of data files, theft of data
  • Economic impact: direct financial loss or damage to national security that may result from the loss of critical materials or ransom demands
  • Societal impact: impact on the general public or a large-scale disruption that may impact the functioning of society (e.g. incidents disrupting a country's national health system or leak of personal or sensitive data)
  • Reputational impact: potential negative publicity or damage to the reputation of the entity that has been the victim of a cyber incident
  • Physical impact: harm or injury to employees, customers or patients
  • Psychological impact: causing confusion, discomfort, frustration, worry or anxiety to those affected by the cyber incident or affecting their normal lives in any way

Artificial intelligence helps both in protection and attacks

While the deployment of AI in companies can help in detecting suspicious behaviour or malicious code, it can also help attackers. They work with AI to create more convincing phishing emails, which today no longer suffer from the poor English that made it easy to detect fraud in the past.

Today, it is possible to mimic familiar voices using AI and create fake videos that are increasingly indistinguishable from the original.

For companies and other organisations, in addition to consistent training of employees, it is essential to properly set the parameters of protection against cyberattacks, especially to continuously check their vulnerabilities and apply measures against them. Otherwise, in addition to economic losses, they may also face reputational impact.
Libor Šrám

The number of cyberattacks in the EU has increased every month from February this year until June, when the data was made available. In March it more than tripled. For individuals, companies, organisations and public institutions, cyberattacks will be an increasing risk for which it is essential to have adequate response measures in place.

Types of cyber incidents
(Source: ENISA Threat Landscape 2023,