Download the full report here.

EuRepoC has been tracking cyber operations of political implication and state responses dating back two and a half decades. The Repository combines this depth in data with the continuous daily expansion of the dataset to enable short-term and long-term trend analysis. This Balance draws on EuRepoC’s open-source data to empirically assess the challenges the EU’s new regulatory package needs to address to achieve a future-proof European situational awareness.

The EuRepoC findings highlight the problem of the cumulative effects of cyber attacks, which are not defined in more detail in the legal acts. While the overall number of unique operations targeting EU entities slightly decreased, the number of affected targets increased, indicating growing cumulative and spill-over effects across interconnected sectors. At the same time, individual operations often remained below the formal threshold of “large-scale” cyber incident, yet cumulatively contribute to systemic strain.

Key Findings:

• While the amount of net incidents decreased for the first time since the COVID-19 pandemic, the number of EU targets affected increased.
• Transportation and Health sectors were the most-targeted sectors, while Digital Providers saw a stark increase in attacks.
• The transnational nature of ransomware has complicated attributions, while operations to disrupt ransomware infrastructure require extensive international cooperation.
• The EU was heavily targeted by Russia- and China-linked threat actors, while both countries increasingly rely on proxy actors. Russian actors prioritise low-cost, high-impact operations (e.g., DDoS), while Chinese actors prioritise stealth and espionage, which is potentially linked to prepositioning efforts.
• Due to the complexity of cyber threats, coordination is lacking; not a single joint attribution was made for an incident targeting the EU.