1. Introduction
Cybercrime, broadly defined as illicit activity involving computer systems or digital networks, has emerged as a fast-evolving threat in the digital age. According to Europol’s Internet Organised Crime Threat Assessment (IOCTA 2024), cyber-enabled financial fraud, ransomware, and online child exploitation continue to affect either individuals or institutions, with widespread economic and social consequences across the EU [
1]. Similarly, the FBI’s Internet Crime Complaint Center (IC3) reported over 880,000 complaints in 2023, totaling losses above USD 12.5 billion [
2]. These figures highlight the scale and severity of cybercrime, reinforcing its status as a significant concern in both developed and developing economies.
Despite the global significance of cybercrime, there is limited longitudinal and systematic research focusing on Greece. Most existing studies remain fragmented, outdated, or oriented towards broader EU or global developments, without examining Greece as a specific case. This creates a research gap regarding how cybercrime has evolved nationally over time, what forms are most prevalent, and how effectively legal and institutional responses have adapted.
As a member of both the European Union (EU) and the North Atlantic Treaty Organization (NATO), Greece operates within a strategic geopolitical space that makes its digital infrastructure a potential target for cyber-espionage and financially motivated attacks. The country’s reliance on digital services in sectors like tourism, public administration, and banking increases the potential attack surface. Additionally, many small and medium-sized enterprises (SMEs) in Greece remain underprepared for cyber threats, with limited access to security expertise or infrastructure. Existing research has examined the broader connections between cybersecurity and national stability. Kalogiannidis et al. [
3] emphasize the growing intersection of civil protection and digital risk, while Blikhar et al. [
4] focus on the difficulties that developing countries face in establishing resilient legal frameworks to respond to cybercrime. Although these studies highlight overlapping themes—particularly around economic vulnerability and institutional preparedness—they do not fully integrate these ideas or examine their specific implications for Greece. Therefore, a focused national case study is necessary to complement international findings and provide country-specific insights.
A persistent challenge in the study of cybercrime in Greece has been the lack of up-to-date, publicly accessible, and longitudinally consistent data. Earlier studies were often fragmented or outdated, limiting their usefulness for policy development or trend analysis. This article addresses that gap by analyzing operational data collected by the Hellenic Police Cyber Crime Division over a 15-year period (2009–2023), supplemented with relevant international comparisons (Europol, FBI). Unlike earlier fragmented reports, this dataset provides the first integrated overview of cybercrime in Greece.
The study pursues three main objectives: 1. To map the evolution of cybercrime in Greece across major categories over the past 15 years; 2. To compare national patterns with broader EU and global trends; 3. To assess the adequacy of Greece’s legislative and institutional responses in light of emerging challenges.
The findings presented here offer a detailed account of key cybercrime categories—including financial fraud, data breaches, child exploitation, and digital defamation—and their trends over time. The study also explores the legal frameworks, institutional stakeholders, and public–private collaborations that shape the national response. In doing so, it highlights both persistent vulnerabilities and opportunities for future policy reform.
In addition, the article identifies the stakeholders involved in the fight against cybercrime, including law enforcement authorities, government agencies, private companies, and citizens themselves. Understanding the roles and contributions of these actors is essential to formulate effective responses to cybercrime and to coordinate the efforts required to address this cross-border threat. Finally, the discussion expands on the current and future challenges facing Greece in the field of cybercrime. Special attention is given to emerging threats such as ransomware, business email compromise (BEC), and AI-enabled fraud, which—although not yet dominant in Greek case data—are already reshaping the European and global threat landscape.
This paper is organized as follows:
Section 1 introduces the context of cybercrime in Greece, emphasizing its national significance and the key challenges it presents.
Section 2 reviews the relevant literature, focusing on historical trends, major incidents, and existing research on cyber threats and response mechanisms.
Section 3 outlines the legislative framework and delineates the roles of major public and private stakeholders within Greece’s cybersecurity landscape.
Section 4 presents the methodology and acknowledges the limitations of the cybercrime data obtained from the Cyber Crime Division of the Hellenic Police. It also offers comparative insights from international sources and discusses the results, with particular emphasis on the most prevalent categories of cybercrime, their evolution over time, and the effectiveness of current interventions.
Section 5 provides a broader discussion on the implications of these findings. Finally,
Section 6 concludes with a summary of key insights and offers recommendations for future policy, academic research, and national cybersecurity strategy.
2. Related Works
Technology advancements, societal shifts, and the development of legal frameworks have all shaped the growth of cybercrime in Greece. The academic literature on cybercrime demonstrates a clear interaction between technological infrastructures, social vulnerabilities, and institutional responses. While this paper is empirical in nature, it is informed by established theories of crime that add conceptual depth. Routine Activity Theory (RAT) suggests that crime occurs when motivated offenders meet suitable targets in the absence of capable guardianship [
5]. This provides a useful framework for understanding the persistence of online fraud, where offenders identify vulnerable targets such as digitally inexperienced users or SMEs with limited cybersecurity, and where guardianship is weak due to low awareness or underdeveloped technical defenses. Deterrence theory complements this, emphasizing that the certainty of punishment is more influential than its severity in shaping offender behavior [
6]. The socio-technical perspective adds a further dimension, highlighting that cybercrime is not purely a technical problem but arises from the interaction between people, organizations, and technologies [
7]. These theories collectively help interpret the trends described later in this paper.
Earlier Greek research has provided valuable descriptive insights into the emergence of cybercrime. Vlachos et al. [
8] documented how the expansion of broadband internet in Greece coincided with increases in identity theft, cyberbullying, and online financial fraud. These studies also emphasized the problem of underreporting, as many incidents never reach law enforcement. Papanikolaou et al. [
9] extended this analysis and found that the financial crisis of 2010 represented a turning point, with fraudulent online advertisements, job postings, and scams exploiting the economic vulnerability of individuals and companies. They argued that the crisis created fertile ground for offenders by lowering public trust and increasing the attractiveness of fraudulent quick-profit schemes.
The link between economic stress and cybercrime has been particularly relevant in Greece, where SMEs dominate the business landscape. SMEs often lack dedicated cybersecurity resources, which increases their vulnerability to phishing, business email compromise, and ransomware. Papathanasiou et al. [
10] recently analyzed the phenomenon of business email compromise (BEC) in Greece, noting that although this category is relatively new compared with long-established fraud, it has already produced significant financial losses for enterprises. Their findings also highlighted the uneven implementation of EU-level cybersecurity directives in Greece, including the NIS Directive, and pointed to gaps in institutional readiness.
International studies provide important comparative perspectives. Anderson et al. [
11] examined the costs of cybercrime and demonstrated that victims and society carry the majority of financial losses, while offenders often gain relatively little. This asymmetry reinforces the need for systemic prevention measures. Their updated analysis [
12] showed that ransomware, cryptocurrency-enabled crime, and BEC have become among the most costly forms of cybercrime worldwide. These global insights provide a benchmark against which Greek data can be compared. Interestingly, while Europol and FBI reports highlight ransomware and large-scale intrusions as dominant trends, Greek police data continues to show financial fraud as the most frequent category. This divergence illustrates both convergence and divergence: Greece faces the same emerging threats as other EU member states, but it remains disproportionately affected by more traditional cyber-enabled fraud.
Beyond costs and categories, awareness and human behavior remain central to the literature. Bada, Sasse, and Nurse [
7] analyzed why cybersecurity awareness campaigns often fail to change behavior. They concluded that complexity, lack of cultural relevance, and weak motivational framing undermine the effectiveness of such initiatives. This finding resonates with the Greek case, where national awareness campaigns exist but have achieved limited results, as reflected in persistent levels of fraud and online victimization. The socio-technical view thus helps explain why improvements in technology and regulation alone are insufficient if not supported by behavior change among users and organizations.
In synthesizing these strands, we observe that the literature provides a strong global and European context, but Greek-focused studies remain limited. Earlier national studies are primarily descriptive, focusing on incident types or crisis-linked increases. More recent contributions such as Papathanasiou et al. [
10] offer sector-specific insights but do not provide a longitudinal or theory-based analysis. Few works integrate criminological theory with national data, and fewer still situate Greece explicitly within comparative EU and global trends. This article seeks to fill that gap by analyzing fifteen years of operational data from the Hellenic Police Cyber Crime Division (2009–2023), interpreting the results through criminological theory, and positioning Greek developments within the wider cybercrime landscape.
3. Legislative Framework and Key Stakeholders
The legislative framework for addressing cybercrime in Greece has been significantly shaped by both national initiatives and international obligations, particularly through alignment with European Union directives. The evolution of this legal framework reflects a growing recognition of the need to combat cyber threats effectively, which have become increasingly sophisticated and pervasive in the digital age. While Greece has created a comprehensive set of laws and institutions, the degree to which these measures have translated into operational effectiveness remains contested. Routine Activity Theory (RAT) and deterrence perspectives are useful for interpreting the role of legislation: laws create the “guardianship” that should reduce offender opportunities, but weak enforcement capacity limits deterrent effects.
3.1. Legislative Framework
One of the cornerstone legislations in Greece is Law 4577/2018 [
13], which transposed the European Union Directive on Network and Information Systems Security (NIS Directive) into national law. This law established obligations for essential service operators and digital service providers to implement appropriate security measures and report incidents [
14]. In principle, this represented a major strengthening of guardianship, but in practice, compliance has been uneven, particularly among SMEs. Building upon this foundation, Greece recently transposed the updated Directive (EU) 2022/2555 on measures for a high common level of cybersecurity (NIS2 Directive) through Law 5160/2024 [
15]. NIS2 significantly broadened the scope of covered entities, strengthened risk management obligations, and introduced stricter oversight. Yet, comparative research shows that unlike larger EU states, such as Germany or France, Greece faces resource and expertise shortages, raising doubts about the certainty of sanctions and thus limiting deterrence in practice.
In addition to the NIS and NIS2 Directives, Greece has also ratified the Budapest Convention on Cybercrime (Law 4411/2016) [
16], which remains the foundational legal instrument for international cooperation against cybercrime [
17]. The Convention facilitates the harmonization of national laws and enhances cross-border collaboration. However, while its incorporation into Greek law underscores international commitment, actual casework demonstrates that cross-border investigations remain slow and resource-intensive, highlighting the enduring gap between formal ratification and operational effectiveness. The Greek Penal Code has also been amended to include specific provisions addressing unauthorized access, data breaches, and cyber fraud [
18]. These amendments are important for legal clarity, but case law remains limited, which restricts their deterrent potential. In deterrence terms, the “certainty of punishment” is undermined by judicial backlog and limited prosecutorial specialization in digital crime.
The establishment of the National Cyber Security Authority (NCSA) under Law 5086/2024 [
19] marked a significant step in institutionalizing national cybersecurity governance. The NCSA coordinates strategy, oversees compliance, and formulates policy. It also leads the development of a National Cybersecurity Strategy, which emphasizes continuous adaptation of legislation to address emerging threats. From a socio-technical perspective, this central authority is critical for aligning technical and organizational practices. Yet, its effectiveness depends on adequate staffing and inter-agency coordination, both of which have been flagged as persistent challenges in Greek cybersecurity governance [
8,
10].
Although the transposition of the NIS and NIS2 Directives through Laws 4577/2018 and 5160/2024 reflects progress, practical implementation has been hindered by bureaucratic fragmentation, staffing shortages, and uneven compliance across sectors. SMEs, which dominate the Greek economy, are often outside the effective reach of these frameworks due to limited resources and awareness. This mismatch between formal regulation and operational capacity illustrates a classic RAT problem: while formal guardianship exists, it may be too weak to prevent offenders from exploiting vulnerable targets. Moreover, the limited visibility of enforcement diminishes deterrence. Even though the updated NIS2 framework strengthens oversight provisions, Greece requires more targeted support mechanisms to translate laws into resilience.
The legislative framework in Greece also emphasizes the importance of public–private partnerships. The government has initiated measures to foster collaboration with the private sector, recognizing that information sharing and joint capacity-building are essential for resilience [
20]. However, while public–private cooperation is formally encouraged, evidence suggests that collaboration remains sporadic and uneven across industries. Furthermore, Greece’s cybercrime legislation is complemented by adherence to international treaties and the European Union’s General Data Protection Regulation (GDPR) [
21]. By requiring robust data protection measures, GDPR indirectly enhances cyber resilience [
22]. Yet, compliance among smaller organizations is inconsistent, reinforcing structural vulnerabilities in the national cybersecurity environment.
In summary, Greece has made important progress by aligning with EU directives, ratifying international conventions, and creating new institutions such as the NCSA. These initiatives provide a solid formal foundation. Nonetheless, challenges remain in practical enforcement, inter-agency coordination, SME support, and cross-border collaboration. From a theoretical perspective, the absence of consistent and visible enforcement reduces deterrence, while limited organizational and technical capacity weakens capable guardianship. This gap between legislative ambition and operational implementation highlights the need for further empirical research into how Greek laws and institutions function in practice, especially in comparison with other EU member states.
3.2. Key Public Stakeholders
As cyber threats become increasingly sophisticated, Greece has mobilized a wide network of public and private stakeholders to strengthen its defense. The collaborative cybersecurity ecosystem includes government agencies, private companies, educational institutions, and international organizations. Public stakeholders in particular are responsible for safeguarding national cyberspace and coordinating with private actors to protect critical infrastructure and citizens’ digital security.
The National Cyber Security Authority (NCSA) plays a central role in formulating the national strategy and coordinating critical infrastructure protection. However, its effectiveness is constrained by resource limitations and uneven cooperation with sectoral regulators. The Cyber Crime Division of the Hellenic Police (Law 5187/2025) [
23] is tasked with combating cybercrime and raising awareness. While highly active and internationally connected, it faces persistent staffing shortages, which limit its capacity to respond to complex attacks. The Digital Evidence Examination Unit of the Forensic Science Division supports investigations by analyzing seized digital material, but delays in processing evidence can affect judicial outcomes. The Hellenic CSIRT of the General Staff of National Defence provides defense-sector cybersecurity and training [
15], while the National CERT of the National Intelligence Service manages incident detection and response across public and private sectors [
24]. Although these institutions each fulfill vital roles, overlapping responsibilities sometimes create coordination challenges.
Beyond the core public stakeholders, the private sector, universities, NGOs, and international bodies also contribute significantly. Cybersecurity companies and financial institutions provide expertise and infrastructure to protect against attacks. Universities and research centers train cybersecurity professionals, though national capacity still lags behind EU averages. Civil society organizations help raise awareness, but their reach is limited. A notable example of early public engagement was the Digital Awareness and Response to Threats (DART) taskforce (2007–2010), which promoted proactive risk mitigation through education and inter-sector collaboration [
25]. Although DART was eventually dissolved, its legacy underscores the potential of coordinated multi-stakeholder initiatives.
Taken together, these stakeholders illustrate Greece’s commitment to building a comprehensive cybersecurity ecosystem. Yet, as socio-technical theory highlights, the effectiveness of this system depends not only on formal institutions but also on the quality of coordination, information sharing, and public trust. Current evidence suggests that fragmentation and uneven capacity continue to limit effectiveness. Thus, while Greece has created a wide range of institutions, their collective ability to act as effective guardians against cybercrime remains an open question, representing a critical gap in both policy and academic research.
4. Methodology, Limitations, and Results
4.1. Methodology
This study adopts a secondary data analysis methodology, drawing on operational statistics compiled by the Cyber Crime Division of the Hellenic Police, where two of the authors serve as officers. Although presented as aggregated statistics, the data originate from primary casework handled by the Division, lending them reliability and specificity. The dataset includes case categories and thematic breakdowns for selected years (2009, 2012, and 2023), allowing a longitudinal view of cybercrime trends in Greece.
To enable comparison across years, a harmonization process was required. Earlier datasets employed narrower or inconsistent classifications, so incidents were consolidated into broader categories. For example, all forms of online fraud—including phishing, fraudulent e-commerce, and investment scams—were grouped under “Internet Fraud and Electronic Commerce.” Cases of unauthorized access, malware, and hacking were classified under “Unauthorized Access and Data Theft.” Each case was assigned to a single dominant category to avoid double counting, with priority given to the primary offense as recorded in police databases. This harmonization preserved fidelity to the original classifications while ensuring comparability across time points.
Table 1 and
Figure 1 present the classification scheme used in the analysis. Section headings in the Results (e.g., “Financial Fraud and Intellectual Property Theft”) mirror these thematic clusters for narrative clarity, without altering the underlying groupings. While individual case files and offender strategies were not accessible, the published statistics allowed for meaningful longitudinal analysis. To contextualize the findings, descriptive comparisons are made with international reports such as Europol’s IOCTA and the FBI’s IC3 reports, aligning national patterns with broader European and global trends. This methodological approach situates Greek cybercrime within international typologies while maintaining focus on local dynamics.
4.2. Limitations
Despite the value of operational police data, several limitations must be acknowledged. First, the data reflect only detected and reported incidents. Underreporting is a well-documented problem in cybercrime research: many victims—particularly SMEs and vulnerable groups—do not report incidents due to reputational concerns, lack of trust, or a perception of limited enforcement capacity [
26,
27]. Consequently, these statistics underrepresent the true prevalence of cybercrime. From a deterrence perspective, this underreporting weakens the “certainty of detection,” limiting the preventive effect of legislation.
Second, local police units often lack specialized personnel or tools, which may result in misclassification or missed detection of complex cases. Third, this study could not access offender profiles, motives, or organizational structures, restricting insights into the actors behind incidents. The available case summaries provide only high-level categorizations and do not differentiate between subtypes of attacks—for example, whether “Internet Fraud” involved mass phishing, spear phishing, or business email compromise. This limits the granularity of the analysis.
In addition, harmonization with earlier Greek studies introduces methodological challenges. Previous research employed significantly different taxonomies, making exact comparison difficult. While our broader categories allow for continuity, some mismatches are unavoidable. The limited number of time points (2009, 2012, 2023) further constrains the use of inferential statistics, regression analysis, or robust significance testing. As such, the analysis is primarily descriptive and trend-focused.
Despite these limitations, the study contributes important baseline evidence. To our knowledge, this is the first time recent operational cybercrime statistics from the Hellenic Police have been systematically organized and presented in academic form. Two of the authors, as serving officers, ensured the accurate interpretation of categories and the integrity of classification. By comparing the results with earlier national studies and international reports, the paper provides insights into how Greek cybercrime has evolved and where divergences from broader EU and global trends occur.
Future research should extend this baseline through primary data collection, including victimization surveys, interviews with investigators and CERT officials, and cross-institutional data sharing. Such efforts would allow for deeper analysis of offender strategies, victim experiences, and the practical effectiveness of Greek legislation and institutional frameworks.
4.3. Results
International information from agencies like Europol and the EU Cybersecurity Agency (ENISA) [
28,
29] is matched with national data to bolster the research. This comparative method makes it possible to situate Greece within the larger European and international framework, emphasizing both the similarities and differences of the Greek cybersecurity landscape. Understanding the changing nature of cyber threats requires capturing the big picture using factual data from both Greece and other countries. Comparison of data from the Hellenic Police Cyber Crime Division, Europol [
1], and the FBI [
2] points out global trends and regional responses. Despite variations in cybercrime forms, shared challenges reveal the need for international cooperation and adaptive security strategies to effectively address the increasing cyber threats. To provide a historical perspective in this analysis, we examine the evolution of our findings in relation to previous research conducted by the Police Cyber Crime Division since 2012 [
9] and the DART taskforce since 2009, which was discussed earlier [
8]. It is important to note that regrouping cases originally classified under different categories poses inherent challenges for ensuring direct comparability. The categories used in this study have been reconstructed to enable a meaningful comparison over time; however, some inconsistencies may remain. These do not significantly affect the overall interpretation, as the main trends are preserved with a high degree of accuracy.
In any case, accurately assessing the cost of cybercrime remains a complex and challenging task, as it is difficult to reliably estimate its true financial and social impact [
11]. Various studies report differing—and at times conflicting—estimates of the cost of cybercrime, depending on the methodologies, data sources, and analytical approaches employed [
30]. The lack of standardization in reporting and assessing these costs is a cause for concern. On the other hand, monitoring the evolution of various forms of cybercriminal activity, grounded in documented cybercrime incidents, is both an objective and essential approach for the effective implementation of appropriate countermeasures and policy interventions.
The Hellenic Police Cyber Crime Division reported 10,884 cybercrime incidents in 2023, with a clear focus on managing increased cases of financial fraud. The general distribution of various categories of cybercrimes is shown in
Figure 1.
To facilitate discussion and comparison, the following findings are grouped into broader categories with accompanying analysis. This approach enables both descriptive reporting and interpretive connections with international trends and criminological theory.
4.4. Financial Fraud and Intellectual Property Theft
Financial fraud remains the most prevalent cybercrime category globally and in Greece. Papathanasiou et al. [
31] provide a detailed typology of fraud schemes, including phishing, fake e-commerce, and investment scams, emphasizing the role of EU legislation in shaping defenses. In Greece, the Cyber Crime Division has observed continued growth in fraud, particularly phishing and e-banking scams. The spread of social networks and online shopping creates abundant opportunities for offenders, who exploit anonymity to defraud citizens. Europol and the FBI both confirm this pattern, highlighting the economic impact of investment fraud and business email compromise at European and U.S. levels [
32].
In Greece, fraud accounted for 48.34% of cybercrime in 2023 (5261 cases). Offenders increasingly use social media platforms and buy-and-sell ads to reach victims. This persistence resonates with Routine Activity Theory: targets and motivated offenders are plentiful, while guardianship—through bank defenses or user awareness—remains inconsistent. Operation APATE, targeting phishing scams, led to the arrest of 155 network members and revealed over EUR 6 million in losses [
33]. Enforcement actions against intellectual property violations, including illegal IPTV services, further underline the demand for unauthorized content [
34]. Historical continuity is evident: DART data (2007–2009) reported fraud at 53.69%, suggesting structural resilience of fraud as a category. In contrast, ransomware and BEC dominate the EU and U.S. landscapes, highlighting a divergence: Greece’s fraud dominance reflects an SME-driven economy and lower digital maturity, delaying the shift toward newer global threats.
4.5. Protection of Minors and Vulnerable Populations
Protecting minors remains a top priority for cybercrime authorities. In 2023, the Division responded to 298 cases of child exploitation, mostly child pornography, harassment, and extortion. Additionally, 445 cases of individuals with suicidal tendencies (4.09%) and 93 disappearances (0.85%) were handled. These figures show both the scale of vulnerabilities and the expanding remit of cyber policing. Europol warns of AI-enabled exploitation, such as deepfake abuse [
35], while the FBI stresses the risks posed by social media platforms in enabling direct offender–victim contact [
2].
The 836 incidents involving minors and at-risk groups (7.68%) demonstrate that offenders exploit socio-technical dynamics—leveraging online platforms faster than legislation or guardianship can adapt. Routine Activity Theory is again relevant: guardianship online is weak, while opportunities are abundant. Although case numbers in Greece are lower than in some EU states, this may reflect underreporting and limited detection capacity rather than genuinely reduced prevalence. Legislative and technological adaptation will be crucial to mitigate these evolving threats.
4.6. Hate Speech and Animal Cruelty Cases
Recent years show increasing recognition of hate speech and animal cruelty as cybercrime concerns. In 2023, 141 such incidents were recorded (1.29%), including 131 cases of animal cruelty (1.2%) and 10 cases of hate crimes. Europol stresses the need for proactive measures against online hate incitement, while the FBI also reports cyber-enabled hate, albeit less extensively.
Although small in number, these cases highlight the influence of legal frameworks on statistical visibility: Greece’s decision to criminalize animal cruelty online has driven more consistent reporting. This illustrates how legislation (
Section 3) shapes which crimes appear in official records. In comparative perspective, many EU states subsume these crimes under broader extremism categories, suggesting Greece’s profile is somewhat unique. These trends emphasize how evolving social values translate into measurable categories of cybercrime.
4.7. Unauthorized Access of Information Systems
Unauthorized access and data breaches continue to rise, reflecting the growing centrality of digital infrastructure. In 2023, 802 incidents of unauthorized access (7.37%) and 1163 cases of data theft (10.69%) were recorded. While the numbers appear stable, the risk remains significant, with criminals using intrusions for extortion, defamation, or harassment. Compared with EU averages, Greece records fewer cases, which may indicate under-detection or limited reporting capacity.
From a deterrence perspective, offenders may perceive detection risk as low, reducing deterrent effects even when legal frameworks exist. Historical comparisons with DART and earlier reports show that unauthorized access was once underreported; current increases may partly reflect improved awareness and reporting rather than actual incidence alone. Nonetheless, these cases illustrate the ongoing challenge of enforcing guardianship in an environment of rapid digital expansion.
4.8. Institutional Support and Citizen Requests
A substantial share of the Division’s workload involves cooperation with other authorities and responding to citizen requests. In 2023, 2631 cases (24.18%) fell into this category. Of these, 2023 (18.59%) were requests from other national authorities for digital forensics, technical analysis, and intelligence support, while 608 cases (5.59%) were direct citizen requests related to personal data theft, fraud, or harassment. Identity theft accounted for 1163 incidents (10.69%), comparable to earlier studies (12.7% in 2012; 17.6% in 2009). This slight decline suggests rising public awareness, but also highlights persistent risks.
This category demonstrates the socio-technical role of the Division as both investigator and guardian. Its expertise supports broader state operations, yet dependence on a single specialized unit raises sustainability questions. High demand for assistance reflects institutional recognition of cybercrime’s multidimensional nature, but also exposes gaps in distributed capacity across agencies.
4.9. Overall Patterns
Figure 2 summarizes the evolution of cybercrime in Greece across 2009, 2012, and 2023. While irregular time intervals complicate formal trend analysis, they highlight broad continuities and shifts. Financial fraud has remained dominant, reflecting structural vulnerabilities in the Greek digital economy. Crimes against minors, though fluctuating, illustrate the human costs of online victimization and the adaptive strategies of offenders, particularly with new technologies such as deepfakes. The rise in hate speech and animal cruelty reflects legislative changes that have broadened the scope of cybercrime enforcement. Unauthorized access and data theft show increasing visibility, though numbers likely understate true prevalence due to detection limits. Institutional support requests underscore both the strengths and strains of Greece’s centralized cybercrime capacity.
In summary, Greece’s cybercrime profile shows both convergence and divergence with international patterns. Like the EU and U.S., it faces growing challenges in fraud, exploitation of minors, and unauthorized access. Yet, unlike global trends dominated by ransomware and BEC, Greece remains disproportionately affected by traditional fraud. This divergence reflects its economic structure, awareness levels, and enforcement capacity. From a theoretical perspective, these results illustrate persistent weaknesses in capable guardianship (RAT), underreporting that undermines deterrence, and socio-technical vulnerabilities that offenders exploit faster than regulatory or institutional responses. Together, they highlight the need for more robust awareness campaigns, improved inter-agency cooperation, and future research integrating primary data to evaluate the effectiveness of legislation and enforcement.
5. Discussion
The statistical analysis and categorization of the aforementioned data provide valuable insights into the direction of cybercrime in Greece and, by extension, its relation to international developments. Beyond descriptive statistics, the patterns also reveal subtle indicators of offender adaptation. Cybercriminals have significantly evolved their tactics, leveraging technological advances, anonymous payment systems, and sophisticated social engineering to sustain and expand their operations. Routine Activity Theory (RAT) helps explain these findings: fraud persists because offenders encounter abundant opportunities and weak guardianship, particularly in digital transactions. Deterrence theory highlights how underreporting and limited enforcement undermine the certainty of punishment, reducing the deterrent effect. Socio-technical perspectives remind us that new threats, such as AI-enhanced scams, emerge precisely at the intersection of human behavior and technological innovation. Within this evolving landscape, Greece’s trends reveal both convergence with and divergence from global patterns.
Although this study focuses on Greece, the findings have broader implications for European cybersecurity. Fraud dominance in Greece—48% of all cases in 2023—diverges from the EU and U.S., where ransomware and business email compromise (BEC) are most costly. This reflects Greece’s SME-heavy economy and lower digital maturity, but it also underscores a European vulnerability: national weak spots can become entry points for cross-border attacks. Underreporting, especially by private-sector entities, further reduces the visibility of threats. If incident data are incomplete, collective EU security mechanisms suffer delays and blind spots. Greece’s legal transposition of the NIS and NIS2 Directives strengthens the regulatory framework, but the challenge lies in translating these laws into operational capacity. Weak inter-agency coordination and limited resources, as noted in earlier work [
8], constrain enforcement. Thus, enhancing detection, reporting, and intelligence sharing in Greece is not only a national priority but also a regional necessity for EU resilience.
5.1. Advanced Fraud Methods
Traditional fraud has become more complex. Greek data confirm its dominance, with offenders exploiting phishing, e-banking, and fake e-commerce schemes. Attackers bypass two-factor authentication, steal one-time passwords, and exploit messaging applications with increasing technical sophistication. Operation APATE illustrates both the persistence of fraud and the state’s ability to respond: 155 network members were arrested, yet losses exceeded EUR 6 million [
33]. From an RAT perspective, fraud thrives because motivated offenders exploit digital opportunities with limited guardianship, while deterrence is weakened when victims underreport or banks manage incidents internally. Compared with the EU and U.S., where ransomware dominates, Greece’s continued fraud dominance highlights national vulnerabilities tied to its economic structure.
5.2. The Role of Artificial Intelligence (AI) in Fraud
AI tools have amplified the sophistication of scams. Automation enables convincing phishing websites, deepfake videos, and synthetic voices that bypass traditional detection. In Greece, AI-enhanced fraud is emerging against a backdrop where fraud is already the leading category, compounding existing vulnerabilities. Socio-technical theory is useful here: technological innovations like deepfakes undermine trust mechanisms embedded in social interaction, requiring not only technical defenses but also cultural and awareness-based guardianship. The Greek public’s uneven cybersecurity awareness magnifies the risk. Unless detection capabilities keep pace, AI-driven attacks may exacerbate fraud’s dominance in the national profile.
5.3. Proliferation of Investment, Technical Support, and Romance Fraud
Investment, technical support, and romance scams are increasingly linked to cryptocurrency use, which complicates detection and recovery. In Greece, these scams particularly affect vulnerable citizens, reinforcing fraud’s prevalence as the leading cybercrime. Compared to U.S. FBI IC3 reports, which show billions in annual losses, Greek case numbers are lower but proportionally significant. The socio-technical dimension is evident: offenders exploit trust, emotional vulnerability, and financial inexperience, while anonymous payment channels such as cryptocurrency shield their activities from detection.
5.4. Sophisticated Cyberattacks
Although Greece recorded a stable number of cyberattacks in 2023, their complexity has grown. Offenders use social engineering tied to topical issues—government benefits, deliveries, or business transactions—along with encrypted communications and digital payment systems. From a deterrence perspective, sophistication reduces certainty of detection, weakening legal deterrents even when frameworks like NIS2 exist. Compared with EU states, where ransomware is increasingly visible, Greece’s lower numbers may reflect detection gaps rather than true prevalence. This reinforces the need for layered defense strategies, combining technical monitoring with improved inter-agency coordination.
5.5. Anonymous Payment Methods and Challenges for Law Enforcement
Anonymous payment systems such as prepaid cards and cryptocurrencies (Bitcoin, Ethereum, Monero) pose major challenges for law enforcement authorities (LEAs). Greek investigations confirm that following the money trail is increasingly difficult, undermining traditional investigative techniques. This limits both deterrence and effective guardianship, as offenders exploit financial anonymity. EU-level cooperation is critical here: without advanced analytic capabilities for tracing blockchain flows and international legal tools for asset recovery, national efforts remain insufficient. For Greece, resource limitations magnify this challenge, as only a few specialized units can handle such investigations.
5.6. Implications for Legislators, Business, and the Public
The trends highlight the increasingly complex and globalized nature of cybercrime. For Greece, three implications stand out. First, legislative alignment is necessary but insufficient. Although NIS2 and related laws broaden oversight, operational enforcement lags, particularly among SMEs. Second, law enforcement capacity requires urgent strengthening. Without adequate staffing and digital forensics tools, even robust legislation cannot achieve deterrence. Third, awareness remains the weakest link: many individuals and SMEs lack basic cybersecurity practices, leaving them exposed. Compared with EU averages, Greek awareness campaigns have had a limited measurable impact, echoing critiques in the literature [
7].
Public–private partnerships are essential. Businesses must adopt proactive measures such as employee training against deepfake fraud, while governments provide regulatory support and intelligence sharing. Civil society actors can enhance trust and rights-respecting approaches. At the same time, Greece’s geopolitical context as an EU and NATO member in the Eastern Mediterranean elevates its exposure to cross-border risks, especially in critical infrastructure. Prior studies have noted cyber activity in asymmetric conflict settings [
36], underscoring the strategic dimension of cyber resilience. Yet, Greece lacks a national accounting mechanism to estimate cybercrime’s economic costs, unlike global research that estimates trillions in annual losses [
11]. This hinders rational resource allocation and long-term planning.
5.7. Actions to Improve Cybersecurity
To address these challenges, coordinated and multi-level interventions are necessary. At the state level, increased funding for law enforcement training and digital modernization should be prioritized. A holistic national cybersecurity strategy must include regular assessments of vulnerabilities, integration of diverse stakeholders, and adaptation to evolving threats. For SMEs, targeted support programs—subsidized training, affordable security solutions, and clear compliance guidance—are crucial to closing resilience gaps. Public awareness campaigns must be redesigned to align with behavioral insights, as recommended in socio-technical analyses [
7]. Community organizations and universities can lead such initiatives, ensuring reach beyond major corporations.
Finally, public–private partnerships must evolve into real-time intelligence-sharing platforms, accelerating innovation and resource pooling. Civil society engagement is vital to maintain trust and legitimacy. Future research should empirically evaluate whether these interventions reduce fraud prevalence, improve reporting rates, or enhance resilience. Without such evidence, legislative ambition risks remaining symbolic. This study, therefore, highlights not only the persistence of fraud as Greece’s leading cybercrime, but also the urgent need for the empirical evaluation of legal and institutional effectiveness—an academic gap that remains largely unaddressed.
6. Future Work and Concluding Remarks
A historical analysis of cybercrime’s evolution provides a critical framework for understanding perpetrators’ objectives, their victim profiles, and the methods employed to exploit vulnerabilities. This study’s findings—fraud dominance, fluctuating cases of child exploitation, and rising institutional workload—highlight the need for a standardized framework to systematically document cybercrime. The irregularity of existing datasets (2009, 2012, 2023) and the harmonization challenges faced in this research underscore how the absence of a consistent structure hinders both longitudinal comparison and evaluation of interventions. Establishing a formalized national procedure for recording and publishing cybercrime data is therefore essential. Systematic annual monitoring would mitigate temporal inconsistencies, support more robust trend analysis, and enable stakeholders to assess the real impact of protective measures. From a Routine Activity Theory perspective, such monitoring would help measure the adequacy of guardianship over time, while deterrence theory suggests that more transparent statistics could strengthen the perception of enforcement certainty.
Developing national-level key performance indicators (KPIs) would also improve Greece’s ability to evaluate its cybersecurity posture. Current organizational metrics such as Mean Time to Detect (MTTD) or Patch Compliance Rate [
28] are valuable but too narrow for assessing national resilience. Instead, broader KPIs—such as Legislative Compliance Rate, Cost of Cybercrime to the National Economy, Proportion of Reported Incidents Investigated, or Conviction Rates for Cybercrime—would provide more meaningful insights into guardianship, deterrence, and socio-technical resilience. While defining such metrics is a challenge, their benefits would be considerable: quantifiable benchmarks for legislators, law enforcement, and industry to guide strategic decisions and allocate resources effectively.
Beyond statistical frameworks, future research must explore offender characteristics and behavioral patterns. The persistence of fraud, accounting for nearly half of Greek cybercrime cases, calls for a deeper inquiry into offender strategies and organizational structures. Interviews with convicted offenders, analysis of judicial case files, or collaboration with investigative units could provide valuable insights into motives and modus operandi. Similarly, the protection of minors requires understanding how offenders exploit new socio-technical tools such as deepfakes. These approaches would bridge the gap between descriptive reporting and predictive threat modeling, moving beyond “what happened” to “why it happened” and “how it might evolve.”
Victimization and underreporting are equally critical areas for future study. As this research emphasized, official statistics underrepresent true prevalence, particularly among SMEs and large corporations that manage incidents internally. Surveys, anonymous reporting platforms, and partnerships with industry groups could help quantify hidden victimization. Such methods would also capture the socio-technical dimension of vulnerability, where organizational culture and awareness gaps often matter as much as technical defenses. Incorporating these data would allow a more comprehensive assessment of Greece’s deterrence capacity, since deterrence depends not only on laws but also on visible and trusted enforcement.
Emerging technologies such as Artificial Intelligence (AI) and the Internet of Things (IoT) warrant particular attention in future research. AI has already been weaponized for fraud through deepfakes and automated phishing, while IoT devices create new attack surfaces. For Greece, where fraud remains structurally dominant, the integration of AI into existing schemes poses a severe risk. At the same time, AI and IoT may offer defensive opportunities, including predictive analytics and anomaly detection. Future studies should assess how these technologies reshape the offender–guardian relationship, aligning with socio-technical theory’s emphasis on human–technology interaction.
Finally, sustained research is needed on the effectiveness of policy and regulatory frameworks. While Greece has aligned with EU directives, such as NIS and NIS2, no empirical assessments exist of their actual impact on reporting rates, deterrence, or resilience. Operations such as APATE demonstrate strong enforcement in specific domains, but systematic evaluation is absent. Future academic work should therefore measure whether legislation and awareness campaigns translate into tangible reductions in fraud, increased reporting, or stronger institutional trust. Without such evidence, legislative ambition risks remaining symbolic rather than transformative.
In conclusion, the evolution of cybercrime in Greece mirrors global trends but also shows distinctive national patterns, particularly the persistence of fraud and the emerging role of AI-enabled scams. Building resilience requires a proactive, multi-stakeholder approach, combining legislative alignment, operational capacity, and public engagement. Particular attention is needed for SMEs, which remain the most vulnerable actors. Targeted awareness campaigns, subsidized training, and accessible compliance mechanisms can help close these gaps. Law enforcement must receive sustained investment in digital forensics, blockchain analysis, and personnel training to enhance both deterrence and guardianship. By standardizing data collection, developing national-level KPIs, and empirically assessing the impact of laws and operations, Greece can bridge the gap between legal ambition and operational reality. Only through this evidence-based, collaborative approach can the country secure a resilient digital ecosystem capable of responding to both current and emerging threats.