In April 2007, the Baltic nation of Estonia woke up to one of the world’s first major cyber-attacks on civil society carried out by a state. A series of massive “distributed denial of service” assaults – floods of fake traffic from networked computers – targeted government websites, banks, media outlets and online services for weeks, slowing or shutting them down.

These cyber-attacks followed Estonia’s decision to relocate a Soviet-era war memorial and war graves from the centre of the capital city, Tallinn, to a military cemetery.

Amplified by false reports in Russian media, this sparked nights of protest and rioting among Russian-speakers in Tallinn – and cyber chaos throughout the country. Though the cyber-attack was never officially sanctioned by the Kremlin, the “faceless perpetrators” were later shown to have Russian connections.

Estonia has since transformed itself, in part through voluntary initiatives such as the Cyber Defence Unit (a network of private-sector IT experts), into a leader in this field. It is home to Nato’s Cyber Defence Centre of Excellence, and ranks fifth in the International Telecommunication Union’s global cybersecurity index – alongside the UK.

But in many ways, Estonia is far ahead of Britain in its cybersecurity planning. A 2025 government review found that nearly one-third of the UK’s public sector IT........

© The Conversation