The industry impact of Europe’s cyber threat

Cyber attacks are hitting harder and faster, and Europe is struggling to keep pace. 

Hospitals are being forced offline. Power grids are being targeted. Elections interfered with. These aren’t isolated IT issues, they’re operational shutdowns, showing just how quickly cyber incidents can bring critical services to a standstill.

The scale of the threat for Europe was summed up starkly by Juhan Lepassaar, Executive Director of the EU Agency for Cybersecurity (ENISA):

“We are not catching up. We’re losing this game, and we’re losing massively.”

The pace shows no sign of slowing, and what was once seen as a low digital risk, is now a Europe-wide business issue, with industrial organisations paying the price.

Manufacturers and wholesalers depend on always-on systems, tightly connected supply chains and accurate real-time data. When those systems are compromised, production slows, deliveries stop and customer trust erodes. Yet many businesses are trying to defend themselves while juggling legacy systems, fragmented data and limited internal expertise.

Europe’s industrial midmarket is feeling the strain and the data makes that clear.

Cybersecurity is now the number one strategic priority for industrial midmarket firms across Europe, ranking ahead of digitalisation and ERP replacement. 

At the same time, 42% cite cybersecurity as their biggest digital skills gap, making it the most lacking capability across the sector. Even as businesses look to emerging technologies for support, 30% already believe AI will deliver its greatest value in cybersecurity and risk detection.

The message is simple: organisations know security matters. But many don’t yet have what they need to protect themselves effectively.

Industrial businesses are uniquely exposed

Unlike purely digital organisations, industrial companies operate across physical and digital environments. Production floors, warehouses, logistics networks and back-office systems are increasingly connected.

That connectivity brings huge opportunity, but it also expands the attack surface.

Add in growing compliance requirements around data privacy, environmental reporting and product traceability and the pressure only increases. Security today isn’t just about stopping intrusions. It’s about protecting operations, maintaining regulatory confidence and keeping business moving.

The reality is stark: half of businesses report having experienced some form of cybersecurity breach or attack in the last 12 months. 

For many, this is no longer a question of if disruption will happen, but when.

Awareness isn’t the same as readiness

Europe’s industrial midmarket clearly understands the scale of the challenge. 

Cybersecurity tops the priority list. Skills gaps are widely acknowledged. Investment in technology is rising. Yet execution remains difficult.

Disconnected systems make visibility harder. Legacy ERP platforms slow progress. Shortages in cybersecurity, ERP and AI skills leave teams overstretched. Meanwhile, compliance demands continue to evolve.

Knowing you’re exposed doesn’t automatically make you prepared, and this is where many organisations find themselves today, caught between rising threats and digital foundations that weren’t designed for this level of complexity.

The next question becomes unavoidable: If traditional approaches to security are no longer enough, what does a more resilient model actually look like?