České Radiokomunikace
17. 7. 2025 5 min
Twitter / X

Investing in cybersecurity pays off handsomely for Czech companies

Investing in cybersecurity pays off handsomely for Czech companies

According to the Czech Police, nearly 11% of all criminal activity is cybercrime committed in cyberspace. While ransomware is an increasingly common threat, particularly for institutions and small and medium-sized enterprises, public, state, and critical infrastructure generally face attacks on service availability. It is estimated that cyber-attacks cost the Czech Republic more than CZK 8 billion in 2024 alone. If we do not start taking cybersecurity seriously, things will only get worse.

A report by Gen, a global leader in cybersecurity, which was compiled using data from the security systems of over 500 million clients in 150 countries worldwide, states that 2.55 billion online threats were blocked globally between October and December 2024, equating to an astonishing 321 attacks per second. According to the report, the Czech Republic is the third most at-risk country for online fraud, after Slovakia and Vietnam.

Increasingly sophisticated attacks

Cyberattacks are becoming more diverse, sophisticated and aggressive. Their numbers are rising rapidly and are likely to grow dramatically in future. The advent of artificial intelligence and quantum computers is a significant milestone for cybercriminals, who not only follow new technologies and trends, but also implement them quickly and effectively in their criminal activities. Unlike their potential victims.

Cybercrime knows no borders

The global, cross-border nature of cybercrime poses a huge challenge. In cyberspace, there are no ethical or moral barriers, let alone national borders. Cybercriminals can operate globally and target their attacks from anywhere in the world.

Today's cybercrime is a perfectly organised business and a well-established sector of the economy. It employs top specialists and functions like any other sector, planning, creating strategies, growing, and organising itself. Meanwhile, its counterpart, cyber security, struggles with differing national laws, slow legislative adaptation and companies' reluctance or even resistance to implementing legislative changes. Furthermore, some countries covertly or openly support cybercrime, or even carry it out themselves. This paves the way for the successful development of cybercrime.

Cybercrime as a service

Want to destroy a competing e-shop? It could not be easier. For just a few dollars, you can order several days of DDoS attacks. During this time, your competitor's store will be unavailable and they are likely to lose their customers. Need money? Encrypt a small company's information system with a ransomware attack and demand a ransom. By the time they realise that they cannot function properly due to insufficient protection and that their backups — and sometimes even their backups of backups — are encrypted, it will be too late. Look at the media to see how many organisations and companies in the Czech Republic alone have recently been hit by ransomware attacks. And not just ransomware. While this article was being written, for example, a hospital in Nymburk was hit by a massive cyberattack.

This is Cybercrime as a Service. Everything is discreet, anonymous, and currently difficult to detect. Cybercriminals make money, their clients profit, and victims suffer losses. However, it is important to remember that ordering a cyberattack is also a criminal offence.

Social engineering

The number of cyber-attacks involving social engineering and different types of phishing is increasing. Despite its scientific-sounding name, social engineering is nothing new; is has been around since ancient times. It refers to the psychological manipulation of people to achieve a desired behaviour. These techniques primarily exploit human emotions and instincts, such as trust, compassion, the willingness to help, and loyalty, as well as fear, stress, anxiety, and greed.

One tool of social engineering is phishing. Scammers try to convince their victims to do something by sending seemingly authentic emails, phone calls, text messages, or social media posts. They do not just target the general public, whom they mostly try to deceive and steal money from, but also attempt to impose political opinions on them. They also attack institutions and companies in the same way — and, unfortunately, often successfully. All it takes is one careless click on an attachment in a seemingly trustworthy email for sophisticated malware to launch its malicious activities on the computer and subsequently on the corporate network, usually without anyone suspecting it. Often, its presence is not immediately apparent. Statistics show that, on average, it takes three months from the moment malware infiltrates a computer to the moment it is discovered. By that time, the attacker will already have a firm grip on the computer and network and will be able to do practically anything they want with them.

Cyber indifference

Cybercriminals and thieves will take anything that can be monetised or converted into cash. If they do not use the stolen goods themselves, someone else will buy it from them. Alternatively, they will order an attack from them. What are the consequences of an indifferent, careless, and negligent attitude towards cybersecurity? What are the consequences of the relatively widespread approach in the Czech Republic of ‘let's wait and see how NIS2 turns out, and then we'll see’, or postponing cybersecurity solutions until the last minute? Let us briefly outline the challenges we are facing:

  • theft of money directly from accounts,
  • misuse of access to bank accounts and payment card details not only for theft, but also for illegal financial transfers,
  • blackmail, not only through ransomware but also through the misuse of personal sensitive data such as private photos, health information, or company information,
  • misuse of personal and sensitive data for creating false documents, legalising various types of fraud, money laundering, and many other criminal offenses,
  • theft of access data to user accounts, especially corporate accounts,
  • theft of information about individuals and entities that can be further used, for example, to hack into the computers of partner or supplier companies and organisations.

Stolen citizen and bank identities are highly prized items on the black market. They can easily be misused for a wide range of online fraud.

Cyber attackers commonly target computers and other devices on the internet or corporate networks to commit criminal activities. Hackers are usually hired by individuals or organisations willing to pay them well for their services. The owner or user of the controlled device has no idea that it is being manipulated. It can be used:

  • to send unsolicited emails (spam), such as commercial offers, fake news, pornography, and disinformation,
  • for integration into botnets (networks of hacker-controlled devices) used to conduct DDoS attacks,
  • to install malware to perform various tasks, such as creating dead drop boxes (hidden websites and controlling devices connected to the network) or even manipulating technology operations in manufacturing plants. Let us just remember the ‘good old’ Stuxnet.

An integral part of cybercrime is industrial, state, and military espionage. This most often involves:

  • obtaining information about competitors to gain a competitive advantage,
  • obtaining classified state or military information,
  • competitive struggles, e.g., eliminating competing companies through DDoS attacks or the theft, deletion, or modification of their internal data.

If anything in the field of cybercrime is gaining momentum at breakneck speed, it is the tools and means of cyber and hybrid warfare, leading to:

  • attacks on state, public, and military infrastructure with the aim of damaging or completely disabling it,
  • attacks on critical state infrastructure, which have increased by 84% since 2022, according to NÚKIB,
  • attacks to block or control the activities of the media, authorities, and organisations,
  • support for sabotage and military operations,
  • inciting hostile sentiments and influencing opinions, attitudes, and events in society.

Neither an end nor unnecessary luxury

In today’s world, every company, organisation, and data network — as well as every individual device, from computers to mobile phones to wearable electronic — is part of an interconnected cyber space. No one is safe, and anyone can be the target of a cyberattack. According to a recent Mastercard survey, 95% of Czech and Slovak companies faced a cyberattack last year.

Cyber security neither an end in itself nor an unnecessary luxury; it should certainly not be treated as an obligatory afterthought. Ensuring cyber security is an absolute necessity, especially in small and medium-sized companies, which are usually the most vulnerable. Otherwise, things will really get worse.

Useful links

 https://policie.gov.cz/clanek/vyvoj-registrovane-kriminality-v-roce-2024.aspx
 https://arion.cz/aktuality/bezpecnost/co-se-delo-v-kyberneticke-bezpecnosti-v-roce-2024/
 https://newsroom.gendigital.com/image/Q4+24+Threat+Report_Release_Czech.pdf
 https://ct24.ceskatelevize.cz/clanek/regiony/nemocnici-v-nymburku-ochromil-kyberutok-pece-ohrozena-neni-362520
 https://cs.wikipedia.org/wiki/Stuxnet
 https://www.ceske-novinky.cz/2024/11/19/s-blizicimi-se-vanocemi-narusta-pocet-kyberutoku-na-male-a-stredni-firmy-mastercard-radi-jak-se-chranit/