Top 10 European Cybersecurity Incidents That Changed Policy

The world's first major state-linked cyberattack on national infrastructure, targeting Estonia's banks, media, and government portals for three weeks following the relocation of a Soviet war memorial. The incident prompted NATO to establish its Cooperative Cyber Defence Centre of Excellence in Tallinn and shaped the foundational Tallinn Manual on international cyber law.

The WannaCry ransomware outbreak caused the UK National Health Service an estimated £92 million in damage, cancelling 19,000 appointments and forcing ambulances to be diverted. The incident exposed critical vulnerabilities in legacy NHS systems and led directly to the UK government investing £150 million in NHS cybersecurity and creating NCSC guidance for healthcare operators.

Shipping giant Maersk was forced to reinstall 45,000 PCs, 4,000 servers, and 2,500 applications in 10 days after NotPetya wiped its entire global IT estate, costing the company €300 million. The incident became a landmark case study in operational resilience and supply-chain cyber risk, influencing EU critical infrastructure protection policies.

Norwegian aluminium producer Norsk Hydro suffered a LockerGoga ransomware attack that shut down operations across 170 sites and cost the company €71 million. Uniquely, Norsk Hydro responded with full public transparency, live-blogging the incident. It became a model for incident communication and influenced ENISA's recommendations for industrial control system security.

French broadcaster TV5Monde had its entire network of 12 channels taken offline and its social media accounts hijacked by attackers posing as ISIS. Subsequent investigation attributed the attack to Russian group APT28. France invested €5 million in emergency cybersecurity upgrades and the incident reshaped ANSSI guidance on media sector cyber resilience.

A botnet attack targeting a vulnerability in Deutsche Telekom routers knocked approximately 900,000 home broadband connections offline across Germany. The incident highlighted the vulnerability of consumer IoT devices and prompted Germany to introduce stricter router security standards and contributed to EU baseline IoT security requirements under the Cyber Resilience Act.

The sophisticated supply-chain attack on SolarWinds Orion software compromised networks of EU institutions, member state agencies, and defence contractors. Attributed to Russian SVR intelligence, the breach remained undetected for months and accelerated EU adoption of the NIS2 Directive, requiring mandatory incident reporting and software supply-chain security measures.

WastedLocker ransomware attributed to Russian criminal group Evil Corp encrypted Garmin systems for five days, disabling GPS navigation, aviation databases, and fitness tracking for millions of European users. Garmin reportedly paid a $10 million ransom to restore systems. The attack intensified EU debate on ransom payment prohibition and critical consumer service resilience.

ENISA published its first threat landscape report for the health sector documenting 143 major incidents across European hospitals in 2020-2021, with ransomware accounting for 54% of breaches. The University Hospital Brno (Czech Republic) attack during COVID-19 peak became the defining case, catalysing specific NIS2 provisions for healthcare as critical infrastructure.

The world's first major state-linked cyberattack on national infrastructure, targeting Estonia's banks, media, and government portals for three weeks following the relocation of a Soviet war memorial. The incident prompted NATO to establish its Cooperative Cyber Defence Centre of Excellence in Tallinn and shaped the foundational Tallinn Manual on international cyber law.

The WannaCry ransomware outbreak caused the UK National Health Service an estimated £92 million in damage, cancelling 19,000 appointments and forcing ambulances to be diverted. The incident exposed critical vulnerabilities in legacy NHS systems and led directly to the UK government investing £150 million in NHS cybersecurity and creating NCSC guidance for healthcare operators.

Shipping giant Maersk was forced to reinstall 45,000 PCs, 4,000 servers, and 2,500 applications in 10 days after NotPetya wiped its entire global IT estate, costing the company €300 million. The incident became a landmark case study in operational resilience and supply-chain cyber risk, influencing EU critical infrastructure protection policies.

Norwegian aluminium producer Norsk Hydro suffered a LockerGoga ransomware attack that shut down operations across 170 sites and cost the company €71 million. Uniquely, Norsk Hydro responded with full public transparency, live-blogging the incident. It became a model for incident communication and influenced ENISA's recommendations for industrial control system security.

French broadcaster TV5Monde had its entire network of 12 channels taken offline and its social media accounts hijacked by attackers posing as ISIS. Subsequent investigation attributed the attack to Russian group APT28. France invested €5 million in emergency cybersecurity upgrades and the incident reshaped ANSSI guidance on media sector cyber resilience.

A botnet attack targeting a vulnerability in Deutsche Telekom routers knocked approximately 900,000 home broadband connections offline across Germany. The incident highlighted the vulnerability of consumer IoT devices and prompted Germany to introduce stricter router security standards and contributed to EU baseline IoT security requirements under the Cyber Resilience Act.

The sophisticated supply-chain attack on SolarWinds Orion software compromised networks of EU institutions, member state agencies, and defence contractors. Attributed to Russian SVR intelligence, the breach remained undetected for months and accelerated EU adoption of the NIS2 Directive, requiring mandatory incident reporting and software supply-chain security measures.

WastedLocker ransomware attributed to Russian criminal group Evil Corp encrypted Garmin systems for five days, disabling GPS navigation, aviation databases, and fitness tracking for millions of European users. Garmin reportedly paid a $10 million ransom to restore systems. The attack intensified EU debate on ransom payment prohibition and critical consumer service resilience.

ENISA published its first threat landscape report for the health sector documenting 143 major incidents across European hospitals in 2020-2021, with ransomware accounting for 54% of breaches. The University Hospital Brno (Czech Republic) attack during COVID-19 peak became the defining case, catalysing specific NIS2 provisions for healthcare as critical infrastructure.