New research commissioned by European cybersecurity specialist HarfangLab shows performance alone is no longer enough. Instead, questions of jurisdiction, legal control, and operational transparency are taking centre stage: 54% of European IT security decision makers now cite that data sovereignty is prioritised by business when it comes to purchasing decisions. 10% even say that this is their top priority.
HarfangLab’s State of Cybersecurity Report surveyed 800 cyber security decision makers from businesses across Germany, France, the Netherlands, and Belgium, demonstrating a clear shift in perception of the global cybersecurity landscape, with increased worries about foreign actors and lack of control over data and cybersecurity deployments.
Sovereignty as the new cybersecurity KPI
As the region grapples with growing geopolitical instability, foreign surveillance concerns, and regulatory complexity, European businesses are shifting from reliance to resilience, demanding greater control over where their data resides, how it is governed, and who can access it. 78% of businesses say that their leadership is more concerned with digital sovereignty that they were a year ago.
Outside of sovereignty topics, when asking the IT decision makers what factors really matter when choosing a cybersecurity solution, strategic autonomy and the ability to deploy on-premises or in their chosen environment comes first (26%), followed by the proof of performance (22%), and the proximity and quality of customer support (22%). This also highlights the importance of trust when looking for a security provider.
“Performance is the foundation for any serious security provider. But today, this is not enough, and European organisations are asking for more,” says Anouck Teiller, Chief Strategy Officer at HarfangLab. “They want to know where data is hosted, who controls the infrastructure, and which legal frameworks apply. Sovereignty has become a measurable business priority: a new cybersecurity KPI.”
Europe shifts from reliance to resilience
The report points to a broader strategic realignment across Europe to reduce dependency on foreign cybersecurity providers and to build a more sovereign and resilient digital defense ecosystem. Across the region, 70% of respondents agree that European businesses are too dependent on foreign technology. Concern is highest in Germany (84%) and France (82%), with strong majorities also in the Netherlands (67%) and Belgium (70%).
69% of respondents are concerned that cybersecurity products developed outside the EU may be subject to surveillance laws in other jurisdictions. In response to these concerns, a majority of companies are actively considering sovereign alternatives, with 70% of respondents saying they are open to switching to a European cybersecurity provider. In fact, 75% of European businesses believe that EU vendors are better aligned with local compliance and regulatory needs, and 77% say European cybersecurity companies understand the region’s specific threat landscape and priorities.
Sovereignty and trust are shaping cybersecurity
A decisive shift is emerging across Europe as organisations increasingly prioritise sovereignty and control. On-premises deployment is gaining ground as a control mechanism. Across Europe, 31% of organisations prefer on-premises EDR solutions over cloud-based models, specifically to retain control over deployment, updates, and infrastructure. According to the report, 37% of European companies are “extremely” or “very” concerned about foreign access to data stored in cloud-based cybersecurity systems. This concern is most acute in Germany (44%) and France (38%), while still significant in the Netherlands (35%) and Belgium (33%).
This growing anxiety is influencing procurement decisions. On-premises capability is now the most important selection criterion for cybersecurity vendors. While 42% of businesses still rely on hybrid models and 35% on cloud, a notable 17% are planning a shift to on-prem solutions, driven by the need for control and legal assurance.
The motivations behind this shift are clear: 31% of organisations Europe-wide want full control over deployment, updates, and infrastructure — with the strongest sentiment in Germany (34%) and Belgium (33%), followed by France (30%) and the Netherlands (29%). 28% of European respondents seek to ensure full local control over their data. Another 28% want to reduce dependency on third-party cloud providers, and 26% are motivated by a desire to reduce exposure to geopolitical risk or foreign surveillance.
“The cloud only becomes a problem when it’s imposed without strategy or transparency. From a cybersecurity perspective, what matters is that using the cloud is a conscious choice, not a default, and that organisations retain control over their data, configurations, and threat detection”, says Teiller. “On-prem isn’t automatically the ‘secure’ option, it’s just one option. Like the old Westerns, there’s the good, the bad, and the ugly. Done right, with clear strategy and skilled teams, on-prem can give you tight control. But without that, it quickly becomes a patchwork of blind spots and outdated assumptions. Security isn’t about location. It’s about how well you manage and monitor what you’ve got.”
Download the full report here.
Methodology:
The report is based on research conducted by Sapio Research, commissioned by HarfangLab. The interviews took place in Q2 2025 and surveyed over 800 IT and cybersecurity leaders across France, Germany, Belgium, and the Netherlands. Business sizes ranged from 300 to 5,000 employees, covering sectors including healthcare, manufacturing, technology, and government services.
About HarfangLab
HarfangLab is a global cybersecurity provider specialized in endpoint protection against known and unknown threats. Founded in 2018, HarfangLab detects 100% of attacks and neutralizes them on workstations and servers, all while providing a comprehensive mapping of your IT infrastructure. As the European leader in the latest MITRE ATT&CK Evaluations, its EDR was the first to be certified by the French National Cybersecurity Agency (ANSSI). Together with its EPP, HarfangLab protects hundreds of customers worldwide, including public administrations, companies of all sizes, and international organizations across highly sensitive sectors.
Your security, your choice. Deploy via the Cloud or On-Prem. The HarfangLab platform integrates natively with industry-leading security tools, leverages in-house AI technology, is fully operable via API, and ensures complete transparency into data and detection rules – delivering strategic autonomy for SOC teams and the organizations they defend.
Visit HarfangLab.io for more information.