Skip to content

EU Media Reporting Tracker

Online report updated monthly

scroll down

Our tracker covers non-paywalled articles from:

news outlets


EU member states

The tracker analyses the extent to which these media report on cyber incidents, compared to other sources, including reports from IT companies, governments, and social media. It covers incidents added to the database since January 2023.

The data provides insights into the disparities/similarities between the cyber security expert community and the mainstream media, which continues to play a crucial role in shaping public perception in European societies.

Cyber incidents receive limited attention in the mainstream EU media

Overall, only 6% of cyber incidents recorded by EuRepoC since January 2023 were also reported in the tracked EU media.

This figure increases when looking only at cyber incidents that targeted EU member states, but still remains low at 12%.

Percentage of cyber incidents reported by EU media
out of all incidents recorded by EuRepoC

All incidents     Incidents targeting EU member states

Number of cyber incidents reported by media country and targeted country

We see a lack of Europeanised reporting on cyber incidents

The EU media tend to report cyber incidents where their own country was targeted or cyber incidents targeting non-EU member states – particularly the United States. Very few outlets report cyber incidents targeting other EU member states. This is partly due to the comparatively high vulnerability of US targets to cyberattacks, but also to a particularly high number of US actors first reporting on cyber incidents, whose reports are then picked up by EU media.

The heatmap to the right shows the number of incidents reported by outlets in the 9 EU member states covered by this analysis by targeted country.

DDoS/Defacement operations are over reported

Since January 2023, 30% of incidents reported by the media were DDoS operations, whereas these operations only represent 15% of all operations added to the database over the same period (green bar).

Other less visible incidents (e.g. hijackings or data theft), are underreported (red bar), despite often having more severe socio-economic consequences than DDoS/defacement attacks. This is significant as the increased attention given to DDoS attacks can play in the hand of the attackers. It can lead to a distorted threat perception of European citizens as well as a misallocation of public cybersecurity resources.

Difference between EU media coverage of different operation types vs.
their actual share of the EuRepoC database

Use the dropdown menu on the top left of the graph to display the figure for specific months and/or only for incidents targeting EU member states.

There's a significant delay between the start of a cyber incident and its media coverage.​

On average, incidents are reported 8 months after they initially take place. The delay ranges from a few months to as long as 108 months—approximately 9 years—in some cases. This time lag is indicative of the time often required for a cyber incident to be detected and/or disclosed by the affected parties.

DDoS/defacement and wiper operations are reported much quicker than other types of operations, as due to their disruptive effects, they are necessarily designed for timely detection, also by third parties outside of the target organisation.

Number of months between the start of an incident and the media report

To zoom into a specific area of the graph, select the area using the cursor. Double-click on the graph to reset back to the default zoom settings.

Media reporting on cyber incidents linked to the Russia-Ukraine conflict has a strong national focus.

Since January 2023, we recorded 147 cyber incidents linked to the Russia-Ukraine conflict, of which only 11% (16) were reported in the EU media covered under this analysis.

The EU media mainly reported incidents linked to the conflict when EU member states were affected – particularly their own member state. Specifically, 10 of the 16 reported incidents targeted EU member states, 8 of which the country of the reporting media outlet. On the other hand, only 2 of the incidents targeting Ukraine were reported and only 3 of those targeting Russia.

Number of cyber incidents linked to the Russia-Ukraine conflict by targeted country

Cyber incidents reported in the EU media since January 2023

The table below displays details on all the cyber incidents reported by the 30 EU media outlets covered by this analysis, for incidents added to the EuRepoC database since January 2023.

Note on methodology

This analysis only covers media articles that are not behind a paywall.

Each source is scanned daily and automatically as part of the general EuRepoC data collection methodology. We cover the media sections on national and international politics and columns on cybersecurity/technology (see table below).

Please note that EuRepoC only considers cyber incidents that have a political dimension. It is possible that the EU media outlets covered by this analysis reported on additional cyber incidents outside the scope of the EuRepoC project.


Download static PDF version

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.