In 2025, nearly four out of ten documented attacks in the European Union targeted public administration.[1] The vast majority of entities within this group (69%) were central government bodies, such as ministries or security agencies. Local institutions (24%) and regional authorities (6.8%) were targeted somewhat less frequently.[2] The increasingly unstable geopolitical environment offers little hope for improvement in the near future. Experts believe that the number of cyberattacks directed at EU public administration will continue to rise. In this context, a common security strategy may not be sufficient. Building Europe’s technological sovereignty is becoming essential.
Public Sector as the Primary Target of Cybercriminals
According to 2025 data from the European Union Agency for Cybersecurity (ENISA), public administration is the most frequently targeted sector in the EU, accounting for over 38% of all cyberattacks. In the 2024 study, this share was nearly half as high, at 19%, and the increase suggests a strong geopolitical dimension to cybercriminal activity.[3] This interpretation is reinforced by the fact that the most frequently recorded incidents were hacktivist-led DDoS attacks, which overwhelm a system with massive volumes of requests sent from numerous infected devices. These attacks accounted for more than 96% of all recorded incidents.[4]
Radosław Żak-Brodalko, Senior Solutions Architect at Linux Polska, notes that cybersecurity in public administration was a key priority for the European Union last year.
“In February 2025, the EU Cyber Solidarity Act came into force, aiming to enhance the efficiency of detection and response to incidents across the European Union. The document emphasizes cooperation between Member States and the development of national and cross-border cybersecurity centers that will use artificial intelligence and advanced data analytics to detect threats. The importance of cooperation at technical, operational, and military levels is also highlighted in the EU cyber crisis management plan adopted in June 2025. These and other measures respond to the growing number of cyber threats linked to the current global situation. However, mitigating their impact also largely depends on expanding internal actions undertaken by public institutions. For example, software risk analysis should not be limited to technical aspects but should also include legal and geopolitical factors,” explains Radosław Żak-Brodalko of Linux Polska.
Vigilance Required in Other Sectors as Well
Beyond public administration, other sectors crucial to the functioning of the EU economy are also frequent targets of cyberattacks: transport (7.5%), digital infrastructure and services (4.8%), finance (4.5%), and manufacturing (2.9%).[5] Their presence at the top of the list is no coincidence. They, too, are targets of hacktivists, with attacks often politically motivated. As Radosław Żak-Brodalko notes, the European Union has already taken steps to limit the impact of incidents in these areas.
“Among the five most frequently attacked sectors in the European Union, all fall within the scope of the NIS2 Directive, which aims to establish uniform standards for protecting critical sectors of the economy. Organizations covered by the directive are required to meet risk management obligations, including incident detection and response, ensuring supply chain security, and implementing clearly defined procedures for handling and disclosing vulnerabilities. Compared to the original 2016 directive, the range of entities covered by NIS2 has been significantly expanded, reflecting the increase in cyberattacks and the need to protect sectors vital to the economy,” says Radosław Żak-Brodalko of Linux Polska.
Poland Among the Most Affected Countries
There are no surprises among the countries most exposed to cyberattacks. The highest number of incidents in the public administration sector was recorded in France (27%), Italy (26.3%), and Germany (16.2%). The top five is rounded out by other large European countries—Spain (15.3%) and Poland (15.1%).[6] Piotr Piętka, Solutions Architect at Linux Polska, emphasizes the need to build the continent’s technological sovereignty.
“Technological sovereignty is one of the three pillars of the cybersecurity strategy developed by the European Commission—the other two being the development of operational capabilities to prevent cyber incidents and the promotion of a global and open cyberspace. The strategy stresses the need to ensure the resilience of all interconnected services and products, as well as cooperation in countering threats. The European Union also sees open-source software as playing a key role in building technological sovereignty, as reflected in a dedicated roadmap published in July 2025. It highlights the need to reduce dependence on technologies from outside the EU and to prioritize projects in cloud computing, artificial intelligence, and cybersecurity that contribute to this goal, for example by leveraging European open-source solutions,” adds Piotr Piętka of Linux Polska.
The growing number of cyberattacks on public administration in the European Union confirms that this sector requires special protection. The scale and nature of incidents leave little doubt that they are largely politically motivated. With the prospect of a continued increase in cyber threats, ensuring the operational resilience of individual institutions is no longer sufficient. A strategic approach based on cooperation among all EU Member States is now essential. The EU regulations adopted in recent years are aimed precisely at achieving this objective.
[1] ENISA, ENISA Threat Landscape 2025
[2] ENISA, ENISA Sectorial Threat Landscape 2025 – Public Administration
[3] ENISA, ENISA Threat Landscape 2025
[4] Ibid.
[5] ENISA, ENISA Threat Landscape 2025
[6] Ibid.


