In 2025, Europe faced a wave of cyber attacks: from airport disruptions and allegations of election sabotage to GPS spoofing on European Commission President Ursula von der Leyen’s flight and assaults on satellites in space.
The continent was among the hardest hit, accounting for 22 percent of all global ransomware attacks, where data is stolen, encrypted, and then exchanged for a ransom. Distributed denial-of-service (DDoS) attacks also surged, with 3.2 million recordedthroughout Europe, the Middle East, and African countries in the first part of the year alone.
These cyberattacks also had major financial impacts, costing countries like France, Germany, Italy, and Spain a combined €300 billion in the last five years, according to global insurance group Howden.
The need to address cybersecurity is more pressing than ever, and we expect it to be a major priority for governments in 2026. Euronews Next has compiled some of the major reports predicting for where cybersecurity is headed this year.
Geopolitical threats to expand
If 2025 was the year that cybersecurity became a “geopolitical flashpoint,” according to Forrester, then 2026 will be one where operations from actors such as Russia, China, Iran, and North Korea will expand, the global market research company wrote in its cybersecurity predictions report.
The company said that political instability and new technology will force cybersecurity and risk leaders to adapt this year.
The concern is echoed by Google Cloud security teams, who compiled the company’s annual Cybersecurity Forecast for 2026. They predict that China will likely continue executing cyber campaigns to strengthen its political and economic influence.
One area that Google sees as particularly vulnerable to Chinese attacks is the semiconductor sector, due to competition from rivals such as Taiwan’s TSMC and American export restrictions.
Russia’s cyber operations are expected to continue in Ukraine but also to “prioritise long-term global strategic goals,” the Google report added, such as ramping up information operations against the United States and other Western nations.
The US tech company believes that Moscow will continue to manipulate narratives leading up to crucial elections, as seen in Poland, Germany, and Moldova in 2025, while Iran is also expected to ramp up cyber operations in the Middle East, through inauthentic news-focused websites aligned with Tehran’s interests.
One way that the European Union is expected to counter these state actors in 2026 is by building its own known-exploited vulnerability database: a catalogue of security vulnerabilities that are actively exploited by attackers, Forrester outlined in its forecast.
The EU’s vulnerability database will likely improve coordination and the sharing of intelligence across borders, the company added.
AI: From the exception to the norm
Artificial intelligence (AI) will reshape both how attacks are conducted and how they are defended in 2026, according to Google and US cybersecurity firm Fortinet, which publishes an annual Global Threat Landscape Report.
Both companies singled out AI agents, which are designed to take autonomous actions to assist humans and do not require a human to tell them what to do, as a new challenge for security teams.
Google said attackers will increasingly leverage these AI tools to scale attacks, while Fortinet said AI agents deployed by threat actors will be able to coordinate attacks without human intervention.
Google also predicts that AI will be used for new attack techniques, such as prompt injection, which manipulates AI systems to bypass their built-in security protocols and follow hidden commands.
Another new attack Google’s security teams say to look out for is vishing, which is AI voice-cloning that creates hyperrealistic impersonations of humans. One example is voice clones of executives or IT staff, to request personal or confidential information from company employees.
Hackers will also continue to use AI to write realistic phishing emails, fraudulent messages that get users to click a link or download an attachment to steal their information, Fortinet wrote in its annual CISO Predictions Report.
However, companies attacked by AI agents could also use the technology as a tool to summarise attacks, decode malicious code, and identify tactics, according to Google.
The battlefield expands to space
Global positioning systems (GPS), which rely on satellites to pinpoint the location of ships, cars, planes, and smartphones, were a major target throughout 2025, according to Fortinet’s CISO Predictions Report.
This year, more cyber attacks will target satellites orbiting in space, Fortinetpredicts.
GPS works by having satellites continuously broadcast radio signals that contain their exact position and the time. Devices on the ground, such as smartphones or car navigation systems, receive those signals and calculate how far away each satellite is to determine their own location.
Threat actors exploit these systems in two main ways, Fortinet said. They either jam GPS signals so they can’t be received, or they transmit fake signals in an attack called “spoofing”.
By sending fake GPS signals, attackers can “degrade or disable munitions, redirect drones and missiles, cause planes to enter enemy territory, and be unable to land,” according to Fortinet’s report.
Interference to GPS systems will continue in 2026 “as cyber warfare becomes standard practice,” Fortinet predicts, adding that the risk of GPS-related interference is higher for airlines, shipping, and defence manufacturers.
To limit the damage from GPS interference, Fortinet said companies should add more layers of encryption to the satellites they are using.