Cybersecurity in the EU


© BeeBright/Shutterstock

Cyber attacks doubled in Europe in 2020 compared to the previous year. During the most acute phase of the COVID-19 pandemic, many aspects of our lives moved online: socialising and shopping, as well as work. As the number and variety of data available online multiplied, the pandemic made the cybercrime business more profitable: the risks of data theft and paralysis of online services became much more serious.

The EU was forced to confront this emergency and had to take it into account in its cybersecurity strategy. In 2020, the NIS  (Network and Information Security) Directive was updated with the approval of NIS2, which defines the cybersecurity targets to be achieved by the member states and the institutional set-up of the supervisory bodies. How are European countries dealing with this emergency?

Main findings:

  • In 2020, Enisa (the European Union Agency for Cybersecurity) recorded 304 cyber attacks within the EU, more than twice as many as in the previous year. The sectors most affected by cyber criminals are the strategic ones: medical and administrative.  
  • Various types of crimes were recorded, with very different characteristics, motivations and criticalities: cybercrime, hacktivism, espionage, cyber warfare, and so on. 
  • Cyber warfare and crimes related to espionage or sabotage are those that grew the most in 2020 compared to 2019: +30.4 %. 
  • The consequences of attacks can be dramatic: in Brno, an attack on a hospital caused urgent operations to be postponed and seriously ill patients to be transferred.
  • The EU has limited competences with regard to cybersecurity: it only intervenes in aspects that could not be effectively addressed by individual states.
  • The new European cyber security strategy NIS2 has three key areas: improving the EU’s resilience against cyber attacks, strengthening its operational capacity to prevent and respond to attacks, and promoting a global and open cyberspace.


  • The shadow of Russia has always loomed over the internet, but the pandemic, which moved citizen’s lives into the digital sphere, saw a rise in security breaches within European businesses and institutions. Cyber attacks against key European sectors doubled in 2020. Although Brussels is working to plug the gaps, the invasion of Ukraine threatens to intensify the cyber war.

    March 8, 2022

  • European agencies play a supporting and coordinating role in European cybersecurity. However, with reference to specific EU regulations, every member state can establish its own organ to safeguard both private and national interests.

    January 28, 2022

  • The Cybersecurity Agency has been tasked with building a common defence, without any faults, against cyberattacks in the EU. While it seemed like an uphill struggle at first, restructure after restructure has built it into an organisation at the forefront of fighting Brussels’ war on cybercriminals.

    December 13, 2021

  • The Covid-19 crisis has turned us into a digital society. Large parts of our day-to-day lives now take place in the digital sphere and this has made Member States much more vulnerable to cyberattacks. To neutralise them, the European Commission launched its new Cybersecurity Strategy in December 2020.

    December 2, 2021

The data unit

EDJNet members which took part in this investigation: