Cyber Europe 2026 is the largest cybersecurity exercise in EU history, although the European Union Agency for Cybersecurity (ENISA) previously organised seven similar exercises on a smaller scale. Participants included cybersecurity experts from the public and private sectors, policymakers, EU institutions, and partner countries outside the bloc, namely the United Kingdom, Norway, Switzerland, and Ukraine. The involvement of thousands of cyber experts aimed to test the bloc’s ability to respond to attacks targeting critical transport infrastructure.
The exercise simulated large-scale cyber incidents escalating into a Europe-wide crisis, in order to test the participating parties’ ability to handle complex situations and share information. For example, a cyberattack targeted a series of major airports in Europe in late September 2025, including Heathrow in the United Kingdom, Brandenburg in Germany, and Brussels in Belgium, paralysing flight check-in systems. Ground staff had to assist passengers manually, but the incident still left thousands stranded, caused prolonged congestion, and led to many flights being delayed, postponed, or cancelled.
In Germany, the number of cyberattacks recorded in 2025 reached 334,000, up 10% from 2024. Although the number of attacks increased only slightly, the damage hit a record of more than 230 billion USD. These troubling figures, recently released by the technology association Bitkom and Germany’s Federal Criminal Police Office (BKA), show that cyberattacks are becoming increasingly sophisticated and unpredictable.
More alarmingly, the clearance rate for attacks originating from outside the country stood at only around 2%, far lower than the 31.4% rate for cybercrimes committed domestically.
The EU’s caution is considered necessary as cyberattacks are inflicting damage globally. In the Republic of Korea, for example, the 2026 Cybersecurity Skills Gap Report released by cybersecurity company Fortinet showed that as many as 82% of Korean businesses recorded at least one cybersecurity breach in 2025.
The average financial toll of these attacks rose 37% from 2024 to around 3.9 billion KRW, or nearly 2.6 million USD. Forms of attack have also become more diverse and unpredictable, including denial-of-service attacks (DoS/DDoS), which accounted for 39%, phishing at 37%, and ransomware at 35%.
Cyber Europe 2026 simulated a large-scale cyberattack that simultaneously paralysed Europe’s railway networks and seaports, severely disrupting transport and freight operations. An ENISA report showed that transport was the second most targeted sector in 2024, accounting for 11% of all recorded cyber incidents, of which 15% targeted the EU.
ENISA assessed that both the maritime and railway sectors remain high-risk areas, as the pace of cybersecurity development has not kept up with their critical importance. These two sectors face a common challenge of integrating legacy operating systems with modern infrastructure, while still ensuring strict safety and reliability requirements.
Henna Virkkunen, European Commission Executive Vice-President for Tech Sovereignty, Security and Democracy, said transport is the lifeblood of the economy and daily life and is therefore becoming an increasingly attractive target for cyberattacks. If seaports and railways are attacked, the consequences would be catastrophic.
Cybersecurity threats can cross borders within seconds, and Europe needs to equip itself with the capacity to act swiftly and coordinate closely with partners outside the bloc.
