In 2024, Estonia recorded 6,515 cyber incidents with impact. Phishing led the list with over 4,200 cases, followed by service disruptions, fraud, and malicious redirects.
Indian journalists meeting Estonian Prime Minister Kristen Michal.
Synopsis: Cyber defence, according to the Estonian prime minister, is a promising area for partnership between Estonia and India. It is seeking to deepen its cooperation with India in the field of cybersecurity, leveraging its expertise developed over nearly two decades of digital threats
Estonia is seeking to deepen its cooperation with India in the field of cybersecurity, leveraging its expertise developed over nearly two decades of digital threats — many of them linked to geopolitical tensions with Russia.
In an interaction with South First Deputy Editor Nolan Pinto, Estonian Prime Minister Kristen Michal emphasised his country’s commitment to international collaboration, particularly with nations like India that are rapidly advancing in the digital domain.
“Estonia has a long tradition and very strong experiences coming from Russia’s cyber-attacks against us since 2007. We have been under constant attacks from Russia, and our IT sector has evolved — and is still evolving — quite rapidly,” said Michal.
Cyber defence, according to the Estonian prime minister, is a promising area for partnership between Estonia and India. “On defence cyber-security, we are probably strongest. And that’s an area where we can truly work together. What’s unique about Estonia is that unlike many European countries where the public and private sectors work in silos, we have built a model of close cooperation — and it works remarkably well.”
He cited an example of the Cyber Defence League, in which the private sector is cooperating with the state to help fight various cyber attacks. “They also have gained this kind of knowledge of what is happening in this field,” he added.
Also Read: Why India urgently needs a data protection law
Lessons from the Bronze Soldier Crisis
Estonia’s leadership in cybersecurity was born out of crisis. In 2007, the country faced a watershed moment now referred to as the Bronze Soldier Crisis.
When the Estonian government decided to relocate a Soviet-era World War II memorial in Tallinn, it ignited violent riots among Russian-speaking residents and triggered a wave of unprecedented cyberattacks. Widely attributed to Russia, these attacks are considered one of the world’s first instances of state-level cyber warfare.
“The 2007 attacks taught us that cyber threats are not confined by borders. If one institution is targeted, the impact is often felt across the board,” said Taavi Viilukas, Head of the National Cyber Security Department at the Ministry of Justice and Digital Affairs.
Following the attacks, Estonia acted swiftly. Its first national cybersecurity strategy (2008–2013) was launched in 2008. This momentum also led to the creation of NATO’s Cyber Defence Centre of Excellence (CCDCOE) in Tallinn and the inception of Locked Shields, one of the world’s largest cyber defence exercises.
Strengthening resilience
Over the years, Estonia has bolstered its cyber defences significantly. The National Cyber Incident Response Team (CERT-EE), established just before the 2007 attacks, was strengthened with more resources, capabilities, and closer collaboration across sectors. Estonia also began contributing actively to the European Union (EU) and NATO cyber-security policies, emphasising crisis management, risk assessment, and resilience.
The nature of cyberattacks has evolved, too. “Before, in cyberspace, the motivation behind it was money. However, nowadays, the attacks that we are experiencing are very political. If we say something against, or make a statement against a country, and those activists, we call hacktivists, are not satisfied with what the Estonian nation is saying, then we will experience a flood of DDoS attacks, usually,” said Viilukas.
While the number of DDoS incidents has grown dramatically — from 75 in 2021 to 580 in 2024 — their overall impact has diminished, thanks to improved infrastructure and preparedness. In 2024, Estonia recorded 6,515 cyber incidents with impact. Phishing led the list with over 4,200 cases, followed by service disruptions, fraud, and malicious redirects.
Also Read: Telangana augments digital defences with cybersecurity policy, initiatives
Cyber hygiene and public awareness
Despite advanced defences, Estonian officials stress the importance of basic digital hygiene. “Often, the most effective protection is also the simplest — regular software updates, secure passwords and awareness,” said Carmen Raal, International Cyber Security Cooperation Advisor.
Irina Klement, Head of Cyber Risk Management at the Ministry of Justice and Digital Affairs, added, “Cyber hygiene is very important. As you have seen, the major problem is still sitting between the chair and the computer. So, awareness is number one.”
With cyber threats becoming increasingly global and complex, Estonia sees the partnership with India as a logical next step.
South First joined a group of Indian journalists visiting Estonia as part of a government-led outreach program. The goal was to showcase Estonia’s achievements in areas like the economy, ICT, e-government, and technology to the Indian audience.
(Edited by Muhammed Fazil.)
