State services did not take into account suggestions and instructions to avoid cyberattacks, the House ethics committee heard on Wednesday.

Behind closed doors, in a discussion tabled by Disy’s George Karoullas and Kyriacos Hadjiyiannis, and DIko’s Panicos Leonidou, deputies mulled preventative measures for protecting public and wider public sector data from cyberattacks.

The session was also attended by Research, Innovation and Digital Policy Minister Philippos Hadjizacharia.

Committee chair Demetris Demetriou said the issues at hand are very serious, and the first conclusion is that there was an underestimation of the risks, plus fundamental issues known to the services that were not resolved on time.

He added that policies to prevent any new attacks will be heard at the next meeting.

Demetriou said the overarching issue is a mindset problem, as cyberattacks “don’t wait for the public sector to open to attack”.

He added that apart from some structural elements, what needs to change is the flippant attitude that seems to exist.

Karoullas emphasised the need for constant updates to security systems and data storage infrastructure, “especially in a partly-occupied country with a developed service sector”.

He added that the level of cybersecurity capabilities should be modernised according to the most effective international standards.

“As the committee has heard, many cyberattacks could have been avoided if appropriate measures had been taken beforehand as indicated by the digital security authority,” he said.

The committee has heard things that did little for the state’s image, Akel MP Andreas Pasiourtides said.

According to him, the digital security authority and the internal auditor said they had made repeated recommendations to the land registry’s IT department about gaps that existed and improvements that needed to be made, which were not implemented.

“If these changes had been made, the cyberattack on the land registry would have been avoided,” he said.

Today, land registry data is in the hands of hackers, Pasiourtides added, saying that this constitutes “terrible negligence” on part of state agencies, which should be investigated and punished accordingly.

The Republic of Cyprus is almost bare when it comes to cybersecurity, Depa’s Alekos Tryfonides said.

“Despite the fact that after the 2018 cyberattack on the foreign ministry it was decided to create the necessary infrastructure, nothing substantial has happened since,” he said, adding that as the committee heard, any suggestions to improve cybersecurity “fell on deaf ears”.