Geopolitics, Strategic Autonomy, Regulation, AI: State of Cybersecurity Report 2026

A cyber incident can disrupt operations, affect revenue, and damage reputation within hours, making it a critical business continuity issue. These challenges and the potential impact of cyberattacks extend well beyond the remit of IT teams, involving C-suite and business leaders as well. 

As organizations are no longer dealing with isolated risks and cybersecurity is becoming more closely linked with business continuity, leadership teams are taking greater responsibility for decisions that affect resilience, risk, and organizational preparedness.  

HarfangLab’s report focuses on CEOs and senior decision-makers at large businesses across Europe, in a study that explores what those differences reveal about cyber resilience and what they mean for business continuity in the years ahead. The interviews took place in April 2026 and surveyed 750 business leaders across France, Germany, Belgium, the Netherlands, Austria, and Italy. The businesses surveyed employ 250 or more employees, covering sectors including healthcare, manufacturing, technology, and government services.

So, what did it reveal?

Cyber threats seen as real risk to business 

Geopolitical unrest remains a major concern for business leaders across Europe, with 31% saying they are significantly or very significantly worried about the impact current global events could have on their operations, but organizations appear to view geopolitical risk as a future concern rather than an immediate issue. 

In the event of an cyberattack, almost half of European business leaders say revenue would be affected within the same business day, while a further 31% expect the impact to be felt within two days – and they are aware of the risks to reputation and stakeholders’ trust.

CIO, CEO, CISO: no single role stands out as ultimately in charge 

Resilience is not just about preventing attacks. It is also about making the right decisions when disruption occurs. Yet the research suggests organizations may lack the experience needed to support decision-making when it matters most. Leaders are expected to make decisions that affect resilience and continuity, but do not always have the knowledge or experience to do so with real confidence. These expertise gaps leave them exposed.  

As a result, while business leaders recognize cyber risks as a significant business threat (recovery after a cyber incident takes 4.32 days on average), who should take ownership is unclear, and responsibility is spread across multiple roles (responsibility remains fragmented across Europe), making accountability something of a grey area.

Autonomy and strategy matters, but concrete action has yet to materialize 

With growing concern about dependency and geopolitical risks, most European organizations place greater importance on technological sovereignty: 59% of business leaders say sovereignty considerations have become more important in their decision-making over the past 1-2 years. But while the concept may be on executives’ radars, it is not yet playing a meaningful role in how most organizations choose and manage technology providers.  

41% of European business leaders acknowledge the risks associated with relying on global cyber security providers. But that awareness does not appear to be translating into widespread action: less than 10% of European leaders are actively prioritizing European cybersecurity providers, and only 23% are significantly reducing dependence on non-European providers.  

In concrete terms, little has changed. Most organizations in Europe still rely on the same small group of global providers, despite growing recognition of the risks this could present – with a few exceptions, such as in Germany or in Austria. Attitudes towards sovereignty are evolving at different speeds.  

“Dependency is not only a matter of where the security provider comes from. Mindset and visibility are at stake. What is your critical activity about? What are your most critical infrastructures or data? Do you want to hand control of this data to external providers without knowing where it goes, who controls it, and if you can access it, should there be any service disruption? An organization should decide where they put their trust and have all the information in hand to take this decision. In that sense, strategic autonomy is capital. At HarfangLab, this is what we aim to provide with an open and transparent platform, with on-premises capacities.”   

Anouck Teiller, Deputy CEO – HarfangLab

Regulation becoming a strategic advantage but also a challenge 

Most business leaders understand that regulation is becoming a bigger part of cyber security. Meeting higher standards is now seen as a way to build trust, strengthen resilience, and stand out in a global market where security expectations continue to rise.

73% of European leaders say they are familiar with major European cybersecurity regulations and the implications for executives, but implementation is easier said than done, as nearly 65% struggle to understand how regulatory requirements should be implemented, and 60% say the pace of regulatory change is difficult to keep up with. Also, 59% are concerned about being held personally accountable for cybersecurity incidents affecting the business.

AI still presents both opportunity and risk for security 

Generative AI is making sophisticated cyber capabilities more accessible and helping attackers operate at greater speed and scale. Techniques associated with state-sponsored actors are becoming available to a wider range of bad actors, increasing the volume of attacks, and the number of potential victims. 

On the other hand, the study shows that European’ businesses view AI as more than just a productivity tool, but as an important part of how they strengthen resilience and support day-to-day security operations: they are using artificial intelligence to improve visibility, automate routine tasks, speed up detection and response, and help security teams keep pace with today’s complex threat landscape. 

Nevertheless, AI adoption still lacks consistent guardrails: only 44% have clear rules on what data can and cannot be entered into AI systems, while less than half have formal policies governing AI use.   

“What is tricky with AI, is that the main threats are not always where we tend to believe they are. While cyber attackers are accelerating procedures through AI, it’s still not a real problem for detection and response tools that can actually protect against those threats. The greater risk stands in the massive and rapid development of multi-purpose agentic AI that will eventually require us to reinvent how security solutions are built, and where to focus to properly identify threats.” 

Anouck Teiller, Deputy CEO – HarfangLab

How can you rethink your risk management
and key strategic priorities to thrive in this new reality?

Read the report