;

2026 European Cyber Risk Report: Ransomware Is Escalating and Your Third Parties Are the Entry Point

by the Black Kite Research Group™

Three forces are converging on European organisations at once:

  1. Ransomware against European organisations is rising.
  2. It increasingly reaches them through their suppliers rather than through their own systems.
  3. European law no longer treats a supplier's security as the supplier's concern alone.

Under NIS2, DORA, and the broader European regime, organisations in Europe are legally accountable for the security of the third parties they rely on, including the ones they cannot see inside. This report maps where the threat is falling across the continent and what that accountability means for organisations managing risks that originate beyond their own perimeter.

That picture comes down to four findings, each describing a different face of the threat our research uncovered.

1. Accelerating volume

Increase in Ransomware Attacks

2,066 ransomware incidents hit European organisations between January 2025 and April 2026, and the pace is increasing. The 684 recorded in the first four months of 2026 ran 55.1% above the same four months of 2025, already higher than all of the first half of 2025, which saw 648.

2. Geographic concentration

Ransomware Concentration in 5 Countries

Five countries, Germany, the United Kingdom, France, Italy, and Spain, absorbed 68.5% of all recorded incidents, with Germany the most-targeted market in Europe.

3. Sectoral concentration

Manufacturing's Share of Ransomware Incidents

Manufacturing was the most-affected sector at 27.9%, ahead of professional, scientific, and technical services at 17.8%, within which IT-services providers were the single most-targeted subindustry.

4. Suppliers as the point of failure

Individuals Exposed Through a Single Third-Party Ransomware Attack

A growing share of victims were exposed through a third party rather than being attacked directly. The Miljödata ransomware case alone reached around 200 Swedish municipalities and roughly 25 companies, along with several universities, and exposed the personal data of more than 1 million individuals, even though none of those organisations had been breached themselves.

About This Report

This is Black Kite's first report dedicated to Europe. The Black Kite Research Group™ examines ransomware against European organisations between January 2025 and April 2026 and reads that threat through the regulatory environment that sets the region apart.

TABLE OF CONTENTS

01 | INTRODUCTION

Why Europe Is Facing a Rising Threat

02 | RANSOMWARE VOLUME

Attacks Are Accelerating Across Europe

03 | RANSOMWARE GEOGRAPHY

Europe's Hardest Hit Regions

04 | RANSOMWARE SECTORS

The Most Attacked Industries

05 | THIRD-PARTY RISK

How Vendors Become the Breach

06 | REGULATORY ACCOUNTABILITY

The Law Holds You Responsible for Your Suppliers

07 | NEXT STEPS

A Continuous Duty Needs Continuous Visibility

08 | METHODOLOGY

Next: The threat is accelerating

2,066 ransomware incidents hit European organizations in 16 months, and the pace is moving faster than the number suggests. See just how fast.

NEXT