Market Intelligence
Cybersecurity Greece

Greece Information Technology National Cybersecurity Strategy

Overview
Greece is undergoing a rapid digital transformation, characterized by government agencies’ adoption of cutting-edge technologies, a cloud-centric approach, and significant private investments in data centers. The Ministry of Digital Governance spearheads this initiative, outlined in the “Digital Transformation Bible” plan for 2020-2025. Understanding the security risks that come with this digital leap, the Greek government established the new National Cybersecurity Authority (NCA) in 2024 (Law 5086/2024). This new entity strengthens Greece’s cyber defenses and aligns the country with EU regulations.

Current Situation
Like other nations, Greece has witnessed a surge in cyberattacks, prompting the national cybersecurity program to become a top national security priority. Recent attacks have specifically targeted critical infrastructure, highlighting the need for robust defenses. A well-publicized attack disrupted the National Gas System Operator (DESFA), impacting the availability of critical systems for Greece’s natural gas infrastructure. Another cyber-attack brought down the Hellenic Post (ELTA) computer systems, leading to the temporary suspension of commercial services at all post offices. In another concerning incident, a distributed denial-of-service (DDoS) attack targeted Greece’s online high school exam platform, causing delays and disruptions for students nationwide.

Actions taken
Greece has established a new National Cybersecurity Authority to enhance its defenses against cyber threats and meet EU regulatory requirements. Enacted by Law 5086/2024, this authority is responsible for advising the National Security Council, formulating national cybersecurity strategies, recommending legislative measures, and monitoring compliance with cybersecurity laws. Additionally, it will promote cybersecurity education, support e-government applications, and coordinate with national, EU, and international bodies.

The creation of this authority is part of Greece’s efforts to comply with the EU’s NIS2 Directive, which will expand the number of supervised entities to around 20,000, including critical sectors like energy, banking, and public administration. This new entity will significantly enhance the country’s ability to prevent, detect, respond to, and recover from cyber-attacks, aiming to protect both public and private sectors from increasingly sophisticated cyber threats.

To proactively address new threats and align with the latest EU regulations on risk assessment for public and private sectors, as well as critical infrastructure, the National Cybersecurity Authority (NCSA) is performing a series of audits for the entire public sector and National Critical Infrastructures. Consequently, the NCSA has issued a cybersecurity maturity assessment framework, a self-assessment tool designed to document the security status of critical ICT infrastructures and implement improvement plans.

Opportunities for U.S. Firms
The Greek cybersecurity market presents significant opportunities for U.S. companies offering security software, services, and infrastructure. This demand is driven by three key sectors:
•    Government: As Greece strengthens its digital infrastructure, robust cybersecurity solutions are crucial for protecting critical systems and data.
•    Private Sector: The rise of digital transformation, particularly in banking and financial services, necessitates holistic cybersecurity solutions to manage evolving risks.
•    Critical Infrastructure: Energy, transportation, water, healthcare, digital authorities, and cloud service providers require advanced security measures to safeguard their vital operations.

Additionally, the convergence of operational and business systems through robotics and the Internet of Things (IoT) creates a complex attack landscape. This necessitates a unified approach to cybersecurity that systematically addresses risks across the entire organization, encompassing both business and operational aspects. U.S. companies with expertise in integrated security solutions are well-positioned to meet this growing demand in Greece.

Greek and EU Authorities 
The European Union Agency for Cybersecurity (ENISA):  https://www.enisa.europa.eu/ 
The National Cyber Security Authority (NCSA): https://mindigital.gr/kyvernoasfaleia 

To learn more about cybersecurity opportunities please contact ICT Specialist Nikos Papachryssanthopoulos at Nikos.Papachrys@trade.gov.