Originally published here.

Cyberattacks are on the rise across Europe, threatening public institutions, private companies and individuals. Can smart investment help to eliminate that threat?

The World Economic Forum’s 2024 Global Risk Report placed cyber insecurity and misinformation among the top five risks facing society today. Cyberattacks on businesses and consumers are increasing and becoming more advanced, exposing the global economy to new and greater risks. For Europe, currently transitioning into a new geopolitical era, the risk is especially acute, but the rewards could be significant.

Authoritarian parties have achieved startling results in French, Irish, Italian, Dutch, and German elections – not to mention in the European Parliament itself – and public sentiment has shifted away from long-trusted institutions towards more subversive firebrands. At the same time, from a military perspective, Europe is increasingly exposed. The Russian invasion of Ukraine has made the continent more sensitive to oil, gas, and electricity shortages. The concerted response to the invasion has also made the bloc a clear target for Russian disinformation and cyber assaults. Meanwhile, during his second term, President Trump plans to “fundamentally alter the US relationship with NATO”, and a weakened NATO increases the likelihood of further attacks on member states.

So far, the European response to state-sponsored hacks has been described as “tame.” Despite new attacks landing every day, NATO and EU countries have been unwilling to retaliate. Most states are afraid of stepping out alone and provoking further conflict with Russia or China, and there hasn’t been a concerted response from the Alliance or the Union. Luckily this is not the case for the bloc’s digital security startups and scaleups.

In the first half of 2024, Russian cyber attacks were reported against the governments of France, Germany, Czechia, as well as the European Parliament and the European Commission. The 2024 Romanian election results were cancelled following massive Russian campaigns of disinformation and influence. China has similarly been blamed for a series of hacks against European lawmakers. Between November 2023 and April 2024, more than 2.25 billion European data records were breached. That figure is so large, it’s almost impossible to truly comprehend. No wonder a May 2024 Politico headline read “Europe under cyber siege in 2024.”

But as is so often the case, tech entrepreneurs are rising to the challenge, with innovative European startups already emerging to meet the specific challenges facing governments, businesses, and private individuals alike. HarfangLab raised a substantial €25m Series A round in October 2023 to defend against the largest and most sensitive hacks. Founded by ex-military experts, its clients include hospitals, government agencies, and CAC 40 companies.

National defense is far from the only concern, companies are also attractive targets for cybercriminals – a 2024 Cloudflare survey of European businesses found that 40% had experienced cybersecurity incidents within the previous 12 months. Many attacks don’t require a high level of technological sophistication for success. In 2018, tens of millions of dollars were stolen from at least eight Eastern European banks, during which Hackers simply entered bank offices posing as “inspectors,” leaving behind USB keys on cheap laptops connected to the banks’ networks to steal data.

Cyberattacks on private businesses come at huge economic cost. In one 2022 attack, US$570 million worth of cryptocurrency was stolen from Binance accounts. The architecture of current software systems has made such attacks even easier. Today, tech is built with shared libraries, APIs, and cloud systems, which has made development much faster and more efficient, but also creates new exposures to attack.

With each new exposure, tech companies are creating innovative solutions in parallel. Lithuania’s Nord Security has built on its famous NordVPN service to provide password management, encryption, identity theft detection, and threat exposure protection to millions of customers worldwide. Dublin-based Evervault is bolstering security for the increasingly interconnected payments ecosystem.

Or take the ubiquitous Salesforce CRM, used by hundreds of thousands of companies worldwide. Businesses rely heavily on Salesforce data, and need to ensure that use is responsible, compliant, and secure. French engineer Sovan Bin built Odaseva specifically to help large companies organize and protect their Salesforce data. It was set up specifically to serve Schneider Electric, but Odaseva now works with Toyota, Heineken, AXA, and many other global corporations.

So while the cyberworld is certainly becoming a scarier place, Europe has the technological skills required to respond effectively.

As cybersecurity and data protection continue to trouble business leaders, Europe should continue to encourage creative solutions to solve the most pressing issues. There are tangible things business leaders can do to protect themselves, their customers, and their data from serious cybersecurity harm.

First is education. Organizations need to take cybersecurity seriously, and keep educating team members on both responsible practices and the potential harms from complacency. 82% of European hacks are the result of human behavior or error, and are easily preventable. But the sheer number of attempts and the fatigue factor mean that they’re bound to get through eventually. The majority of attacks today get through via phishing. So companies must work hard to avoid “phishing fatigue.”

Organizations can also enlist the help of hackers themselves to identify weak points. Bug bounties are becoming commonplace, where a cash prize is offered to hackers who can successfully enter a system or network. Security experts also recommend regular “red teaming” – simulated attacks to see how staff and systems respond. German startup Mitigant lets companies emulate attacks on their cloud infrastructure, ensuring that business systems have the best defenses in place.

Italian startup Exein does the same for the notoriously challenging “internet of things” hardware. Connected devices are convenient and fun for users, but they also create hundreds of thousands of entry points for hackers. The result is attacks that can be leveraged across all this different architecture on a huge scale. Exein’s software analyzes and identifies vulnerabilities across whole fleets of tools, and automatically secures them to prevent serious harm.

While most organizations have some cyber compliance training in place, the public at large doesn’t understand these risks. And that’s where governments also need to step up. Europe’s new PSD3 regulations – rules for payments providers and financial institutions – will require even more customer education from financial institutions, as well as fast reimbursements for stolen sums, helping to reduce the harm to private consumers.

But more guidance is essential, in addition to legislation for businesses across all industries to improve their cybersecurity practices. Only then will public institutions be able to ensure that vital infrastructure like hospitals, schools, and public records are protected.

Finally, there needs to be more training and recognition of great IT security professionals. Even where issues are identified early by employees, organizations need the talent on hand to validate real threats and close security gaps before real harm is done. Cybersecurity threats are growing across the globe. Europe’s digital borders need defending.

Cyber attacks are rising sharply, with billions of European data records breached every six months. Europe is increasingly isolated from Russia, China, and the United States, leading to more hacks from the first two and potentially less support from the latter.

Cybersecurity risks increase as society becomes more interconnected. Every digital device – from cars, to treadmills, to hospital alert systems – can be used as a point of entry for hackers. Devices and software are easier than ever to produce, but consequently also easier to break into.

European leaders must emphasize the vital importance of cybersecurity, at the government level, for businesses, and for private citizens. For now, the best defense is widespread education and well-trained IT teams. If employees and citizens can identify and report risks, security gaps can be closed before real harm is done.

There’s no going back to a less digital, less connected society. The only way forward is to stay vigilant, with a coordinated European strategy.