Europe’s cyber-security crossroads: building resilience through sovereignty

The wars in Ukraine and Gaza, escalating tensions in the South China Sea and the surge in state-sponsored cyber-operations are stark reminders that conflict is no longer confined to land, sea or air. The battlefield extends deep into networks, data centres and software supply chains. In this new environment, Europe’s ability to ensure its own cyber-resilience, its capacity not just to prevent but to withstand and recover from attacks, has become a question of strategic survival.

 

A threat landscape shaped by geopolitics

 

Europe has already witnessed how hybrid conflicts weaponise the digital domain. When Russian troops advanced into Ukraine in February 2022, waves of cyber-attacks hit government servers, media outlets and critical infrastructure. The infamous Viasat satellite hack disrupted internet connections across Europe, even affecting wind farms in Germany.

 

Hospitals in France and Ireland have likewise faced crippling ransomware incidents. These were not isolated events; they highlighted how cyber incidents can cascade into national crises.

 

Transport is another prime target. ENISA reported that between mid-2023 and mid-2024, the EU experienced more than 11,000 cyber-incidents, with 11 per cent hitting the transport sector, from airline reservation systems to port logistics chains.

 

Meanwhile, ransomware gangs increasingly operate as proxies for hostile states, blurring the line between criminality and geopolitics. Cyber-operations targeting critical infrastructure (energy grids, healthcare, logistics and more) are no longer hypothetical risks: they are strategic tools of influence.

 

The hidden weakness: dependency

 

Europe’s cyber-defences are not only challenged by external threats. They are undermined by dependencies: on non-European cloud providers, foreign security tools and opaque software supply chains.

 

HarfangLab’s State of Cybersecurity Report found that 78 per cent of European business leaders are more concerned about digital sovereignty than a year ago. Over half (54 per cent) now make procurement decisions with data sovereignty in mind, and 31 per cent favour on-premises cyber-security tools rather than fully cloud-based ones. This highlights a raised awareness in European businesses of the number one topic in cyber-security: control. Indeed, while international tensions are growing, so are concerns about the dependency on international tools for critical digital infrastructure and software, with 70 per cent of European companies agreeing that they should reduce their dependency on foreign providers.

 

This preference is not about nostalgia for servers in basements. It reflects a rational calculation: when sensitive data, security logs and response capabilities are hosted abroad, but also fall under countries’ extraterritorial laws, organisations surrender a measure of control. Jurisdictional conflicts, inconsistent software updates or opaque vendor practices can turn technical dependencies into strategic vulnerabilities.

 

Sovereignty as a pillar of resilience

 

Cyber-sovereignty does not mean total self-reliance. It means being able to decide, act and recover without being beholden to external powers or monopolistic vendors. It depends on three core pillars:

• Control of data: ensuring critical information, from customer records to incident forensics, remains under clear legal and operational jurisdiction
• Control of technical assets: deploying and managing cyber-security tools to allow organisations to dictate update cycles, configurations and integrations
• Control of partners: choosing suppliers whose accountability and governance structures are transparent and aligned with European laws and values

In practice, this often translates into hybrid strategies: cloud where it makes sense, but on-premises deployments when sovereignty and resilience are paramount.

 

Why resilience requires autonomy

 

Traditional cyber-security aims to keep attackers out. But as ENISA warns, the sophistication of today’s threats makes breaches inevitable. Resilience – the ability to absorb shocks and continue operating – is now the key metric.

 

But without control over data, an organisation cannot quickly detect or investigate a breach. A lack of autonomy, patching delays or vendor lock-in can prolong exposure. And without trusted partners, supply-chain attacks can bypass even the strongest defences.

 

Sovereignty is not a political ideal; it is an operational necessity for resilience in an unstable geopolitical environment.

 

The next frontier: AI-powered threats

 

Artificial intelligence is poised to reshape the threat landscape. Cyber-criminals and state actors are already experimenting with AI-generated phishing emails, which are harder to detect, and are also using AI to automate vulnerability discovery at scale, drastically reducing the time between the identification of a flaw and its exploitation.

 

Yet AI is also a powerful defensive tool. Endpoint detection and response (EDR) solutions increasingly leverage machine and deep learning to detect anomalies, correlate signals across vast data sets, and shorten response times. The challenge for Europe will be to ensure that AI-powered cyber-security tools remain sovereign, transparent and aligned with EU values.

 

Shaping a more resilient Europe

 

So how can the EU move from reliance, and the resulting vulnerabilities, to resilience?

 

Strengthen SMB capabilities. Small and medium-sized businesses need more than regulation. They need subsidised audits, training and access to sovereign tools tailored to their scale.

 

Diversify deployment models. Encourage hybrid architectures, where organisations choose between cloud and on-premises deployments based on risk, not just cost.

 

Enhance supply-chain transparency. Vendors should be required to disclose vulnerabilities quickly and guarantee lifecycle support, as envisioned by the Cyber Resilience Act.

 

Invest in European security ecosystems. Support homegrown providers who can offer sovereign alternatives to non-European giants, reducing dependencies that adversaries could exploit.

 

Harness AI responsibly. Promote research and deployment of AI-powered defence tools within Europe, ensuring transparency, accountability and resilience against AI-driven threats.

 

Promote cross-border solidarity. Cyber resilience is not just national, it’s continental. Shared situational awareness, joint response mechanisms and pan-European co-operation will be essential.

 

The road ahead

 

Europe has made strides to recognise the scale of the challenge. Yet the gap between legislation and implementation remains wide. Attackers will not wait until 2027, when the Cyber Resilience Act fully comes into force.

 

Organisations that anticipate the shift – by embedding sovereignty into their cyber-security strategies today – will be those best equipped to withstand tomorrow’s crises.

 

Cyber-resilience extends beyond technology; it is about freedom. And in an era where cyber-attacks can be tools of geopolitical pressure, freedom of action is the very definition of sovereignty.

---

Download HarfangLab’s Cybersecurity Report here

---

By Anouck Teiller, Deputy CEO of HarfangLab