EU Media Reporting Tracker
Online report updated monthly
Our tracker covers non-paywalled articles from:
The tracker analyses the extent to which these media report on cyber incidents, compared to other sources, including reports from IT companies, governments, and social media. It covers incidents added to the database since January 2023.
The data provides insights into the disparities/similarities between the cyber security expert community and the mainstream media, which continues to play a crucial role in shaping public perception in European societies.
Cyber incidents receive limited attention in the mainstream EU media
Overall, only 5.5% of cyber incidents recorded by EuRepoC since January 2023 were also reported in the tracked EU media.
This figure increases when looking only at cyber incidents that targeted EU member states, but still remains low at 14.6%.
Percentage of cyber incidents reported by EU media
out of all incidents recorded by EuRepoC
● All incidents ● Incidents targeting EU member states
Number of cyber incidents reported by media country and targeted country
We see a lack of Europeanised reporting on cyber incidents
The EU media tend to report cyber incidents where their own country was targeted or cyber incidents targeting non-EU member states – particularly the United States. Very few outlets report cyber incidents targeting other EU member states. This is partly due to the comparatively high vulnerability of US targets to cyberattacks, but also to a particularly high number of US actors first reporting on cyber incidents, whose reports are then picked up by EU media.
The heatmap to the right shows the number of incidents reported by outlets in the 9 EU member states covered by this analysis by targeted country.
DDoS/Defacement operations are over reported
Since January 2023, 33% of incidents reported by the media were DDoS operations, whereas these operations only represent 16.5% of all operations added to the database over the same period (green bar).
Difference between EU media coverage of different operation types vs.
their actual share of the EuRepoC database
Use the dropdown menu on the top left of the graph to display the figure for specific months and/or only for incidents targeting EU member states.
There's a significant delay between the start of a cyber incident and its media coverage.
On average, incidents are reported 6 months after they initially take place. The delay ranges from a few months to as long as 53 months—approximately 4 years—in some cases. This time lag is indicative of the time often required for a cyber incident to be detected and/or disclosed by the affected parties.
DDoS/defacement and wiper operations are reported much quicker than other types of operations, as due to their disruptive effects, they are necessarily designed for timely detection, also by third parties outside of the target organisation.
Number of months between the start of an incident and the media report
To zoom into a specific area of the graph, select the area using the cursor. Double-click on the graph to reset back to the default zoom settings.
Media reporting on cyber incidents linked to the Russia-Ukraine conflict has a strong national focus.
Since January 2023, we recorded 112 cyber incidents linked to the Russia-Ukraine conflict, of which only 12% (13) were reported in the EU media covered under this analysis.
The EU media mainly reported incidents linked to the conflict when EU member states were affected – particularly their own member state. Specifically, 10 of the 13 reported incidents targeted EU member states, 8 of which the country of the reporting media outlet. On the other hand, none of the incidents targeting Ukraine were reported and only 2 of those targeting Russia.
Number of cyber incidents linked to the Russia-Ukraine conflict by targeted country
Cyber incidents reported in the EU media since January 2023
The table below displays details on all the cyber incidents reported by the 30 EU media outlets covered by this analysis, for incidents added to the EuRepoC database since January 2023.
Note on methodology
This analysis only covers media articles that are not behind a paywall.
Each source is scanned daily and automatically as part of the general EuRepoC data collection methodology. We cover the media sections on national and international politics and columns on cybersecurity/technology (see table below).
Please note that EuRepoC only considers cyber incidents that have a political dimension. It is possible that the EU media outlets covered by this analysis reported on additional cyber incidents outside the scope of the EuRepoC project.