Actualizado el 02/10/2025
Actualizado el 02/10/2025
EU Institutions Are Freewheeling Into a Cybersecurity CrisisEscrito por Jurgita Lapienyte el 24/09/2025 a las 19:06:231232
(Chief editor at Cybernews, a research-driven cybersecurity website) The EU’s top official, European Commission’s president Ursula von der Leyen, was on her way to Bulgaria when a suspected Russian attack forced her plane to land without essential navigation tools.
This harrowing episode was no accident but what officials suspect to be a deliberate act of Russian interference – an electronic attack targeting critical infrastructure in the heart of the European Union.
This incident exposes not only the elevated state of geopolitical hostility but also the cybersecurity weaknesses within EU institutions themselves.
According to the research by the Business Digital Index, or BDI, the EU’s cybersecurity defenses resemble an office where nearly half the doors are unlocked, passwords are scrawled on sticky notes, and the alarm system is known to be broken but left unfixed. The BDI findings reveal the reality that EU institutions may not be robustly prepared to withstand or respond effectively to high-impact cyber-physical attacks like GPS jamming.
The researchers looked at 75 EU institutions and found that none got an A or B for cybersecurity efforts. 35% got the lowest grade, an F. The problems are especially clear with basic security: in the F-rated institutions, 85% of employees reused passwords that had already been breached. In C-rated ones, only 8% did this. SSL/TLS configuration issues were identified in 100% of F-rated institutions.
These findings point to very real – and these days accelerated by AI – risks for phishing, malware, and stolen data. Attackers can now do such things as mimicking colleagues using deepfake technology, and deploying malware that adapts in real time to avoid detection. Needless to say that these potential threats can result in financial loss, reputational damage, and regulatory penalties for EU organizations.
The EU’s main response to growing cyber threats has been to add more rules in order to improve cybersecurity. But the data shows that just having rules isn’t enough. Despite these new rules, nearly half (46%) of the EU’s lowest-rated organizations have already suffered data breaches.
I believe that the real problem is that leaders aren’t acting urgently or taking responsibility. For example, almost all D-rated and F-rated institutions had insecure hosting environments. Domains vulnerable to email spoofing were found in every C-rated organization and in 96% of D-rated and F-rated ones.
The EU needs to do more than merely add more rules and formally follow them. It needs to make sure leaders are held responsible for breaches. That means executives should have part of their pay tied to cybersecurity results. It also means having real, independent security checks with actual consequences for failure. The Transport sector is doing a little better than others, and the EU should learn from that.
Some might argue that more rules will solve the problem, or that it’s just too big to fix in a short amount of time. But the numbers tell a different story: the institutions with the worst track records are the same ones that don’t pay attention to basic security practices such as using strong and uncompromised passwords. At the end of the day, this comes down to leadership.
Given that cyber threats keep on evolving and the geopolitical situation isn’t exactly what we want it to be, the risks are really high. Every day the EU waits, it puts sensitive data, economic stability, and public trust at risk. If the EU wants to be a leader in digital governance, it needs to make cybersecurity a top priority for executives, invest in training, and hold leaders to account.
If nothing changes, the next headline won’t be about bad grades or landing with paper maps. It might be about a real crisis that rules can’t fix. The question now is whether the EU will act in time. Noticias Relacionadas:Clavister Signs Newest Distributor in Czech Republic Clavister NetEye products announced |
