Global Cybersecurity Outlook 2026 Regional Analysis Europe and Central Asia

Supply chain –The top three cyber risks related to supply chain security reported by organizations in this region are: 1. Inheritance risk: Inability to assure integrity of third-party software, hardware and services 2. Concentration risk: A high degree of dependence on critical third-party suppliers 3. Visibility: Lack of visibility into own organization’s extended supply chain” –To mitigate these risks, 70% of organizations in this region prioritize assessing their supplier security maturity, while 66% involve their security function in the procurement process. How does your organization address supply chain cyber risk? Europe and Central AsiaWe simulate cyber incidents and/or plan recovery exercises with our ecosystem partnersWe align our cyber resilience strategy among our ecosystem partnersWe map our ecosystem in detail to understand where we or our partners are exposed to cyber threatsWe assess the security maturity of our suppliers We involve our security function in the procurement process We share information on threats with partners in our ecosystem (customers, suppliers, partners)70% 66% 36% 31% 29% 25% With regard to the ways in which your board is engaged in cybersecurity, the following statements apply: 95% 5% Board is engaged in cybersecurity Board is not engaged in cybersecurityResilience –In Europe and Central Asia, 21% of organizations rate their cyber resilience as exceeding requirements (globally 19%), while around 13% assess it as below the level they consider sufficient (globally 17%). How would you rate your organization’s cyber resilience? Our cyber resilience is insufficientOur cyber resilience meets minimum requirementsOur cyber resilience exceeds our requirements13% 66%21% –The top three challenges to achieving cyber resilience reported by organizations in this region are: 1. Rapidly evolving threat landscape and emerging technologies (61%) 2. Third-party and supply chain vulnerabilities (49%) 3. Cybersecurity skills and expertise shortage (42%) –95% of respondents report active engagement from their board in cybersecurity matters, which is the strongest percentage across regions.