Jun 26
/
Latest News
Europe Sees Sharp Rise in Ransomware as Supplier Breaches Surge
Ransomware attacks across Europe climbed sharply in early 2026, driven by a growing wave of breaches originating from third‑party suppliers, according to Black Kite’s 2026 European Cyber Risk Report. The analysis examined 2,066 ransomware incidents across 31 countries between January 2025 and April 2026, revealing a rapidly expanding threat landscape.
Publicly disclosed attacks rose 55.1% in the first four months of 2026 compared with the same period a year earlier. Monthly incidents jumped from an average of 108 in early 2025 to 171 in early 2026. Germany experienced the highest number of cases, followed by the UK, France, Italy, and Spain—together accounting for nearly 70% of all recorded incidents.
Manufacturing remained the most targeted sector, representing 27.9% of all disclosed attacks. IT services also ranked among the top targets, as compromising a single provider can expose dozens of downstream customers. Professional services, healthcare, retail, and transportation continued to face frequent attacks due to their extensive digital ecosystems and operational dependencies.
The Qilin ransomware group demonstrated the broadest reach, operating in 26 of the 31 countries included in the study.
Third‑party compromises emerged as a major driver of risk. Black Kite identified 64 organizations hit through supplier‑related breaches, including one software provider incident that exposed the personal data of more than one million people and impacted dozens of downstream entities.
Regulatory pressure is intensifying as frameworks such as NIS2 and DORA require organizations to more rigorously assess and manage supplier cyber risk. Dr. Ferhat Dikbiyik, Black Kite’s Chief Research and Intelligence Officer, said Europe’s most significant ransomware incidents increasingly stem from interconnected supply chains, adding that new regulations are pushing organizations to better understand where risk is concentrated across their vendor ecosystems.
Publicly disclosed attacks rose 55.1% in the first four months of 2026 compared with the same period a year earlier. Monthly incidents jumped from an average of 108 in early 2025 to 171 in early 2026. Germany experienced the highest number of cases, followed by the UK, France, Italy, and Spain—together accounting for nearly 70% of all recorded incidents.
Manufacturing remained the most targeted sector, representing 27.9% of all disclosed attacks. IT services also ranked among the top targets, as compromising a single provider can expose dozens of downstream customers. Professional services, healthcare, retail, and transportation continued to face frequent attacks due to their extensive digital ecosystems and operational dependencies.
The Qilin ransomware group demonstrated the broadest reach, operating in 26 of the 31 countries included in the study.
Third‑party compromises emerged as a major driver of risk. Black Kite identified 64 organizations hit through supplier‑related breaches, including one software provider incident that exposed the personal data of more than one million people and impacted dozens of downstream entities.
Regulatory pressure is intensifying as frameworks such as NIS2 and DORA require organizations to more rigorously assess and manage supplier cyber risk. Dr. Ferhat Dikbiyik, Black Kite’s Chief Research and Intelligence Officer, said Europe’s most significant ransomware incidents increasingly stem from interconnected supply chains, adding that new regulations are pushing organizations to better understand where risk is concentrated across their vendor ecosystems.
Executive IT Forums, Inc.
Educational Programs on Information Technology, Governance, Risk Management, & Compliance (GRC).
Our Newsletter
Get regular updates on CPE programs, news, and more.
Thank you!
Copyright © 2026 Executive IT Forums, Inc. All Rights Reserved.
Get started
Let us introduce our school
Write your awesome label here.