Two of the attacks involved the complete destruction of all information involved, Gameiro Marques told CNN Portugal, who insisted that the determining factor in the scale of the damage caused by these attacks was whether or not the companies involved had prepared in advance for cyber-attacks.

The Director-General did not explicitly identify any of the victims of these attacks but did clarify that two of them were attacks on state institutions, while a further six victims were private companies.

Main threat

Ransomware attacks are now the “main threat” in the world of cybersecurity, said Martin Kreuzer, senior risk manager at Munich Re. Ransomware attacks typically involve the hacker or intruder holding a victim’s data and information from them, promising that the information and data will be given back upon payment of a ransom. However, these are not the only cases, as evidenced by the two cases in Portugal this year wherein data was outright destroyed.

“It is not a case of whether or not you will be attacked, but when you will be attacked,” said Jorge Portugal, general manager of Cotec.

Gameiro Marques further specified two of the eight organisations that were attacked this year had invested heavily into cybersecurity. The companies that had prevention and reaction plans "were able to clearly mitigate" the effects of the attacks. Because they were quick to act and communicate.

“There are no impregnable organisations. But there is a big difference between those who prepared and those who did not.”


"In one of the attacks, an organisation with millions of customers was quick to act, resumed activities quickly and was very effective in communicating transparently to its customers, including through its CEO," said António Gameiro Marques.

This company, although not named by Gameiro Marques, was probably Vodafone, who were attacked earlier this year. The company’s CEO Mário Vaz held a press conference on the attack at the time.

The National Centre for Cybersecurity is operating a number of free online courses aimed at mitigating the effects of cyber-attacks by empowering people to be more vigilant in the digital sphere.