‘We’re Losing Badly to Hackers’: EU Cyber Chief Sounds Alarm on Europe’s Digital Defences

Europe is struggling to keep up with the scale and speed of modern cyber threats, and its current approach to digital security is no longer sufficient, the head of the European Union’s cybersecurity agency has warned. As cyberattacks grow more frequent and sophisticated, the gap between attackers and defenders is widening, leaving vital systems across the continent increasingly vulnerable.

Speaking from Brussels, the executive director of the EU Agency for Cybersecurity (ENISA) cautioned that Europe is “falling behind” hostile actors in cyberspace. He stressed that without a fundamental shift in strategy, the bloc risks losing control over the security of its digital infrastructure.

Rising Attacks, Real-World Consequences

The warning comes after a string of high-impact cyber incidents across Europe in recent years. Attacks have disrupted airport operations, interfered with democratic processes, and forced hospitals to suspend critical services, demonstrating that cyber threats now pose direct risks to public safety and economic stability.

Security analysts have recently highlighted an attempted breach of Poland’s power grid, reportedly linked to Russian actors. Meanwhile, Germany’s central bank has disclosed that it faces thousands of cyberattacks every minute, illustrating the relentless pressure on Europe’s financial institutions and government networks.

Cybersecurity Lagging Behind Geopolitical Reality

These challenges are unfolding amid a tense geopolitical environment. Europe is dealing with war on its eastern border, China’s expanding influence over global technology supply chains, and uncertainty surrounding long-term security cooperation with the United States. In response, many EU member states have committed to higher defence spending, while Brussels has increasingly prioritised strategic autonomy.

However, the ENISA chief warned that strengthening conventional defence without matching investment in cybersecurity leaves a dangerous blind spot. Cyber resilience, he argued, must be treated as a core element of Europe’s overall security architecture, not a secondary concern.

Push to Expand ENISA Falls Short

The comments follow a European Commission proposal to revise the EU’s Cybersecurity Act, which would give ENISA greater authority, a larger workforce, and a higher operational budget. Based in Athens, the agency currently employs roughly 150 staff, with modest expansion planned under the new proposal.

While welcoming the initiative, the agency’s leadership said the measures are insufficient given the scale of the threat. Comparisons were drawn with other EU bodies such as Europol and the border agency Frontex, which employ more than 1,400 and 2,500 personnel respectively and continue to receive substantial funding increases.

According to the ENISA chief, a simple upgrade will not close the gap. He argued that at minimum, the agency’s capacity should be doubled and supported by the creation of a robust, EU-level cyber infrastructure to counter years of underinvestment.

Threats Evolving Faster Than Defences

The pace of change in the cyber threat landscape has been dramatic. When the current ENISA leadership took office in 2019, around 17,000 software vulnerabilities were identified globally each year. By 2025, that number had climbed beyond 41,000.

More alarming is how quickly attackers now exploit these flaws. What once took weeks or months can now happen within a single day. The growing use of artificial intelligence by malicious actors has further accelerated their ability to detect, weaponise, and deploy attacks at scale.

Europe’s Dependence on External Cyber Infrastructure

Another concern raised was Europe’s long-standing reliance on US-based systems for managing and cataloguing software vulnerabilities. While these tools benefit European governments and companies, much of the responsibility and cost of maintaining them has fallen on American institutions.

The ENISA chief argued that Europe must assume a greater share of responsibility within the global cybersecurity ecosystem. In recent steps toward that goal, ENISA has begun operating its own vulnerability database and has taken on a more prominent technical role internationally.

A Narrow Window for Reform

Cybersecurity specialists warn that without rapid increases in funding, staffing, and coordination, critical sectors such as energy, healthcare, transportation, and finance will face escalating risks. As digital threats continue to evolve faster than defensive systems, the pressure on European institutions is only expected to grow.

The message from Europe’s top cyber official is clear: incremental changes are no longer enough. A comprehensive overhaul of the EU’s cybersecurity strategy is needed if the bloc hopes to defend itself effectively in an increasingly hostile digital world.