The European Union, already under constant pressure from US President Donald Trump-friendly big tech companies, also faces an unprecedented volume and pace of cyberattacks. This is extremely risky, the bloc’s cyber chief says.
According to Juhan Lepassaar, the executive director of the EU’s Agency for Cybersecurity (ENISA), the bloc is “losing this game” and not catching up to all the threats.
Indeed, various officials and researchers could testify that Europe has been targeted with relentless cyberattacks in recent years: they’ve shut down airports, disrupted elections, and paralyzed hospitals. France has suffered the most lately.
Just this week, experts said it was a Russian state-sponsored hacking crew that almost knocked out Poland’s power grid late last year, and the president of Germany’s Bundesbank said that it faced over 5,000 cyberattacks every minute.
Of course, the trend at times gets lost in the noise around the war in Ukraine and increasingly unfriendly moves by the United States. Europe is more keen to talk about traditional defense spending and the need to boost self-reliance.
But Lepassaar, speaking with POLITICO, warned that only investing in hard security is not enough because it creates a “loophole.”
True, the European Commission has proposed to overhaul its Cybersecurity Act legislation and allow ENISA to expand its staff by 118 full-time employees and spend more on operations.
However, Lepassaar says it’s not what the bloc’s cyber defenders actually need: “We just don’t need an upgrade. We need a rethink. Doubling the capacity is the absolute minimum.”
According to the ENISA chief, the EU has fallen short in cyber investment for years and needs to build an entirely new EU-level cyber infrastructure. That’s because cybercriminals are forging ahead at a frightening speed.
In 2019, roughly 17,000 software flaws were added to a global database logging such vulnerabilities. In 2025, more than 41,000 were added, Lepassaar said.
According to the ENISA chief, the EU has fallen short in cyber investment for years and needs to build an entirely new EU-level cyber infrastructure. That’s because cybercriminals are forging ahead at a frightening speed.
In 2019, it took hackers approximately two months on average to exploit those flaws in an attack, but now it takes only one day on average, he added.
Google’s Mandiant indeed warned already back in 2024 that it now takes hackers far less time to exploit glitches, and AI helps.
At least now, the EU’s new Global CVE Allocation System (GCVE) is officially up and running. It provides an alternative for the US-run CVE program, which is facing instability and backlog delays.
“We all reap the benefits for free. It's needed that we now step up and take our fair share of this,” said Lepassaar of a new database.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked