Lisbon, Dec. 15, 2025 (Lusa) - Almost half (48%) of Portuguese small and medium-sized enterprises were targeted by at least one cyberattack related to the use of artificial intelligence (AI) technology in the last year, according to a report released on Monday by specialist insurance company, Hiscox.

According to the Hiscox 2025 Cyber Readiness Study, "the cyber reality for Portuguese companies is increasingly demanding: 54% of companies have been targeted by at least one attack in the last 12 months, with more than half reporting between one and ten incidents".

Regarding attacks linked to AI-related vulnerabilities, "48% of Portuguese companies confirm that they have been the target of at least one cyberattack in the last 12 months," which indicates that "cybercriminals are actively exploiting the weaknesses generated by the rapid adoption of this technology," according to the international insurance group's study.

The most commonly reported type of attack "was on corporate IoT [Internet of Things] devices, found in industrial equipment, sensors and connected infrastructure, which affected 33% of companies".

This is "followed by frequent attacks on companies' internal servers (30%)".

The study also points to “employees mobile devices, such as laptops and mobile phones (29%), attacks targeting employees through phishing or social engineering (28%), the company's own mobile devices (27%), corporate email compromises (27%), supply chain failures (26%), cloud servers (24%), remote access services such as VPN (24%), and denial-of-service (DDoS) attacks (23%)".

According to the report, AI-related tools are also emerging as a gateway for these cyberattacks, affecting almost a quarter (24%) of companies.

"Despite the increase in threats, Portuguese companies maintain a largely positive view of AI," since for a large majority (86%) this technology "is above all a fundamental asset for innovation and competitiveness."

As for vulnerabilities, 26% consider that their software and systems may have flaws, 25% point to network infrastructure as a possible entry point for threats, 18% recognise that employees may be targeted by phishing or social engineering attacks, 17% consider that physical facilities may be exposed to attacks or failures in public services, and 14% warn of risks associated with partners or third parties who have access to company data or systems.

The use of generative AI [which has the ability to generate content] brings new challenges to companies, with 22% of companies anticipating AI-powered social engineering attacks in the next five years and 21% highlighting the use of compromised data or tampered AI models.

About 19% fear that AI will take control of company data, and 18% identify vulnerabilities in third-party AI tools, such as ChatGPT, according to the study.

Portuguese small and medium-sized enterprises point to investment priorities such as "employee training and awareness as one of the most important measures to increase resilience to the dangers of AI (46%)". Almost half (46%) plan to "ensure that their cyber insurance policies include risks associated with AI".

The report for this year "shows how AI has become a tool with great potential for Portuguese small and medium-sized enterprises, but also a new threat to their cybersecurity," said Ana Silva, cyber lead at Hiscox Portugal and Spain, quoted in a statement.

The study was conducted by Hiscox in collaboration with the consulting firm Wakefield Research and developed through interviews with a sample of 5,750 professionals responsible for cybersecurity strategy in the US, France, Germany, Spain, the UK, Ireland and Portugal. The respondents work in companies with fewer than 250 employees (small and medium-sized enterprises).

ALU/AYLS // AYLS

Lusa