Brussels: The European Union must urgently rethink its approach to cybersecurity as it faces an unprecedented surge in the volume and sophistication of cyberattacks, the head of the bloc’s cyber agency has warned, cautioning that Europe is falling dangerously behind hostile actors.
The executive director of the EU Agency for Cybersecurity (ENISA) said Europe is “losing this game” and is failing to keep pace with the rapidly evolving threat landscape. According to him, the gap between attackers and defenders is widening, leaving critical infrastructure increasingly exposed.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
The warning comes against the backdrop of a series of damaging cyber incidents across Europe in recent years. Cyberattacks have disrupted airport operations, interfered with election processes and crippled hospital systems, highlighting the real-world consequences of digital vulnerabilities.
In recent days, cyber experts have pointed to an attempted attack on Poland’s power grid that was allegedly linked to Russia. Separately, Germany’s central bank has publicly acknowledged that it faces thousands of cyberattacks every minute, underscoring the relentless pressure on Europe’s financial and institutional networks.
These threats are intensifying at a time when Europe is already grappling with major geopolitical challenges, including war on its eastern flank, China’s growing influence over global technology supply chains and an increasingly uncertain security relationship with the United States. Over the past year, several European countries have pledged to boost defence spending, while EU policies have increasingly focused on security and strategic autonomy.
However, the ENISA chief warned that investing heavily in traditional security while neglecting cybersecurity creates a critical “loophole” in Europe’s overall defence posture. Without treating cyber resilience as a core pillar of security, he said, Europe risks undermining its own strategic objectives.
The remarks follow the European Commission’s recent proposal to overhaul the EU’s Cybersecurity Act. The proposal would allow ENISA, which is headquartered in Athens, to expand its workforce and increase operational spending. At present, the agency employs around 150 staff, with plans to add more positions under the new framework.
Despite welcoming the proposal, the ENISA chief said the measures do not go far enough. He drew comparisons with other EU agencies such as Europol and the EU’s border agency Frontex, which employ more than 1,400 and 2,500 staff respectively and continue to receive additional resources.
“This is not just about an upgrade; it requires a fundamental rethink,” he said, arguing that doubling ENISA’s capacity should be considered the bare minimum. According to him, Europe has underinvested in cybersecurity for years and now needs to build an entirely new EU-level cyber infrastructure to close the gap with adversaries.
Reflecting on the changing threat environment, the agency chief noted that conditions today are vastly different from when he took office in 2019. At that time, around 17,000 software vulnerabilities were being logged globally each year. By 2025, that figure had surged to more than 41,000.
Equally concerning is the speed at which attackers exploit these weaknesses. Whereas hackers previously took an average of several weeks or months to weaponise newly discovered flaws, the window has now shrunk to roughly a single day, according to industry and government data. The rise of artificial intelligence has further accelerated attackers’ capabilities, allowing them to identify and exploit vulnerabilities faster than ever before.
The ENISA chief also highlighted Europe’s long-standing reliance on US-based institutions in critical areas such as vulnerability cataloguing and management. While European companies and startups benefit from these systems, he said, the burden of maintaining them has largely fallen on American organisations.
He argued that Europe must now take greater responsibility and contribute its “fair share” to the global cybersecurity ecosystem. In that direction, ENISA has begun operating its own database of cyber vulnerabilities and has taken on a more central technical role within the international cyber infrastructure.
According to cybersecurity experts, unless Europe significantly ramps up investment and institutional capacity, vital sectors such as energy, healthcare and finance could face heightened risks in the coming years.
As cyber threats continue to evolve faster than defensive systems, the warning from Europe’s cyber chief adds urgency to calls for a comprehensive overhaul of the EU’s digital security strategy.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
