Although cyberattacks targeting individuals are more numerous, the average financial losses tend to be higher when a business falls victim to fraud or cyberattacks.
For this reason, our most extensive cybersecurity prevention campaign last year focused on small and medium-sized enterprises. It aimed to raise awareness among business leaders that cybersecurity is a matter of business survival and that responsibility ultimately lies with the chief executive. It is the CEO who decides how company resources are allocated, what kind of organisational culture is fostered and whether employees receive training on cyber risks.
BEC schemes and ransomware
According to our data, Estonian companies suffer the most significant losses from business email compromise (BEC) schemes and ransomware attacks. As part of our prevention campaign, we drew attention to these threats and shared practical guidance on how to avoid becoming a victim. We published articles on the topic, discussed it on the radio and distributed RIA’s updated cybersecurity quick guide for businesses.
The campaign proved effective. Follow-up research showed that more than half of those in the target group who noticed the campaign sought additional information or planned to make their companies more cybersecure.
The cybersecurity guide for companies, along with information on the scams and attacks that threaten Estonian businesses, is available on RIA’s prevention website at itvaatlik.ee.
Focus on scams
The past year saw an increase in scam calls. In response, we ran a campaign at the end of the year to help people recognise attempts to extract their PIN codes. Information on how scam calls are carried out, what warning signs to look for, and when it is essential to end a call is also available on itvaatlik.ee, where we regularly update content on the most common scam schemes.
Workshops for older people and a new cyber test
Consistency plays a key role in prevention, and in 2025 we continued several long-standing activities. Cybersecurity workshops for older people remained a core part of our work. Fifteen workshops were held in central and city libraries across Estonia, with nearly 200 participants. The workshops were free, and participants could take home a brochure outlining the fundamentals of cyber hygiene.
In April, a new version of the already well-known cyber test became available. It was adopted 426 institutions and companies, including state authorities, local governments, schools, hospitals, family medical centres and private companies. By the end of the year, almost 32,000 people had used the test to improve and assess their knowledge.
We also continued distributing cybersecurity workbooks for younger pupils. This autumn, more than 12,000 copies were distributed to schools, teaching children how to navigate the internet safely.
The year in numbers
For the seventh consecutive year, we have worked with Statistics Estonia to monitor cyber awareness levels among Estonia’s population. The results of the 2025 survey show that people in Estonia continue to prioritise cybersecurity, but practices vary across different areas.
The strongest engagement is seen in strengthening passwords and checking the content of unexpected messages, suggesting that people have a good understanding of the most common risks. At the same time, lower scores for adjusting security settings, conducting background checks, and performing regular backups indicate that more technical or time-consuming measures are often neglected and still require greater awareness and habit formation.
In 2025, two new questions were added to the survey to capture everyday cybersecurity practices better. These focused on using two-factor authentication for social networks and email services, and on backing up personal data to a separate environment or external storage.
Question: which of these have you done on the internet or an app for personal reasons to ensure your security or privacy?
Last updated: 11.02.2026
