Cybercrime Cases in Iceland Increase Sharply, Experts Warn

2026-03-17 - 08:56

Cybercrime in Iceland has risen sharply in recent years. As reported by RÚV, authorities are recording a significant increase in reported incidents and warning that attacks are becoming more complex. What's the Story? 2,312 cyber incidents recorded by CERT-IS in 2024, up from 598 in 2021 Around ISK 2 billion lost to payment fraud between 2023 and 2025, according to the Central Bank of Iceland Increasing system intrusions and fraud using artificial intelligence tools Credit: Iceland Review. Rising digital threats According to data from CERT-IS, 2,312 cyber incidents were reported in 2024, compared with 598 in 2021. Experts say this reflects a broader shift towards more organised and harder-to-detect attacks, many of which target businesses as well as individuals. Magni R. Sigurðsson, director of CERT-IS, said intrusions into company systems are becoming more common, with attackers gaining access to internal communications and waiting for opportunities to commit fraud. “Then the attacker reacts by changing the invoice information and the company makes a payment to the fraudster’s account,” he said. Figures from the Central Bank of Iceland show that losses linked to payment fraud totalled around ISK 2 billion between 2023 and 2025. A man analyses data on a computer screen. Photo: Rawpixel. Public domain. Specialists also point to the growing role of artificial intelligence in enabling cybercrime. Ýmir Vigfússon, chief technology officer at Keystrike, said human error remains a major vulnerability. “Fifty percent of all attacks go through some kind of employee,” he said. Authorities have also identified threats linked to state-backed actors. Reporting by Iceland Review has previously highlighted cybersecurity concerns in Iceland, including attacks on public institutions and infrastructure. Former US cybersecurity official Jen Easterly warned that cyber threats now range from espionage to disruption of essential services. Experts say many attacks go undetected, emphasising the need for stronger security practices across both public and private sectors.