
In this article
We examine the widening gap between Europe’s surge in cyberattacks and its low cybersecurity readiness. Drawing on recent data from Check Point and Cisco, we highlight why identity remains the weakest link, how regulatory frameworks like NIS2 and DORA are reshaping expectations, and what concrete steps organisations can take to shift from compliance to resilience.
Cyberattacks in Europe are escalating at an alarming pace
According to Check Point, global attacks surged by 21% in Q2 2025, with Europe registering the highest regional increase across sectors such as education, government, and telecom (Check Point).
Yet, while threats intensify, a recent Cisco study reveals that only 3% of European organisations have the maturity to withstand today’s sophisticated landscape (Cisco). This imbalance exposes a stark reality: Europe’s attack surface is expanding faster than its readiness to defend.
The Scale of the Threat
Attack volumes in Europe reflect both opportunism and targeted campaigns. Education and public sector organisations remain frequent victims, but critical infrastructure and financial institutions are also under sustained pressure. The use of stolen credentials, supply chain exploits, and phishing impersonations (with Adobe and Microsoft as the top brands targeted) continue to dominate initial access tactics.
Behind these numbers is a strategic shift: attackers are exploiting not just technical vulnerabilities but governance and identity gaps, recognising that many enterprises still depend on manual access processes or fragmented IAM solutions.
The Readiness Gap
Cisco’s cybersecurity readiness index underscores the issue: only 3% of European entities can be classified as mature, while the majority fall into “beginner” or “formative” levels. This means that most organisations lack the layered visibility, policy enforcement, and resilience practices required to prevent disruption or regulatory breaches.
Fragmented identity governance, inconsistent privileged access controls, and slow adoption of Zero Trust principles all feed into this gap. Compliance obligations such as NIS2 and DORA are designed to raise the bar, but meeting deadlines is not enough if resilience remains shallow.
Identity as the Weakest Link
Compromised credentials remain the leading attack vector. Manual IAM practices – slow de‑provisioning, excessive privilege accumulation, and incomplete visibility of non‑human identities – expose organisations to prolonged dwell times and regulatory risk. Identity sprawl, particularly across cloud and SaaS platforms, magnifies exposure.
Closing this gap requires modern identity security platforms that enforce least privilege by default, automate reviews, and integrate seamlessly with Zero Trust architectures. Without this, organisations risk falling behind both attackers and regulators.
From Compliance to Resilience
Frameworks like NIS2 and DORA define a baseline. True readiness, however, demands a shift from compliance‑driven box‑ticking to resilience‑driven operations:
- Zero Trust: isolate critical assets, enforce adaptive authentication, and monitor continuously.
- PAM & CIEM: control and right‑size entitlements across on‑premises and multi‑cloud environments.
- SailPoint: automate identity lifecycle management and periodic access reviews, enabling audit‑ready evidence packs.
- Managed Services: provide ongoing monitoring, incident simulation, and reporting aligned with regulators’ expectations.
This convergence transforms compliance investments into operational muscle.
A Blueprint for Action
- Assess: Run a Zero Trust and IAM posture review to map controls against NIS2 and DORA requirements.
- Modernise: Migrate from legacy IAM to platforms like SailPoint Identity Security Cloud, embedding automation and visibility.
- Enforce: Deploy PAM and CIEM solutions to mitigate privilege sprawl across cloud and hybrid environments.
- Sustain: Leverage managed services to maintain compliance readiness and operational resilience over time.
Closing the gap is not optional
Europe’s cybersecurity landscape sits at a dangerous intersection: attacks are rising faster than defences. The surge in activity shows adversaries are escalating pressure, while Cisco’s readiness data reveals that most organisations remain underprepared.
Closing this gap is not optional. It requires strategic investment in identity‑first security, Zero Trust adoption, and compliance‑driven resilience.
At Cloudcomputing, we view this challenge through a single lens: trust. Trust is the currency of the digital age, and building it requires moving beyond reactive security into proactive, identity‑centric resilience. By bridging the readiness gap now, European organisations can not only comply with regulations but also ensure continuity, confidence, and long‑term security.