Overview
- Black Kite's 2026 European Cyber Risk Report, published on June 25, 2026, found ransomware incidents in Europe rose 55.1% year‑over‑year in the first four months of 2026.
- The report tracked an average of 171 publicly disclosed incidents per month and found nearly 70% of attacks were concentrated in Germany, the UK, France, Italy and Spain with Germany the single most‑targeted country.
- Third‑party compromises are a major growth path for attacks: Black Kite linked dozens of downstream incidents to the August 2025 Miljödata supplier breach, which exposed data for more than one million people and affected roughly 200 customers.
- Ransomware groups show different tactics and footprints, with Qilin responsible for the largest share of incidents across 26 of 31 countries while SafePay focused mostly on German targets, and manufacturing accounted for about 28% of attacks.
- Black Kite urges faster patching, continuous supplier monitoring, and board‑level oversight as NIS2, DORA and other rules increase firms' legal and operational obligations and raise the cost of inadequate third‑party controls.