Cybersecurity is no longer a technical side-issue for Europe—it has become a strategic test of resilience, autonomy, and credibility. In our new paper, Europe and the Cyber Domain: Vulnerability, Deterrence, and Strategic Constraints, Alexandr Burilkov examines why cyber deterrence remains difficult to define and even harder to deliver in the European context.
Europe has made real progress on rules and standards, but the paper argues that deterrence doesn’t automatically follow regulation. Cyberspace rarely offers clear escalation thresholds, attribution can be contested, and responses often rely on cross-domain tools—legal, economic, and diplomatic—rather than “cyber-for-cyber” retaliation.
A central theme is the tension between:
- Deterrence by denial (hardening systems, limiting damage, reducing attackers’ gains), where Europe’s model is strongest, and
- Deterrence by punishment (imposing costs), which is more constrained by politics, coordination gaps, and uneven capacity across member states.
The paper also highlights how structural vulnerabilities shape Europe’s options: persistent hostile activity below the threshold of conflict, fragmented national capabilities, and strategic dependencies in parts of the digital stack that matter for both security and sovereignty.
Read our paper to explore what Europe can realistically deter in cyberspace—and what it must fix to reduce vulnerability and strengthen strategic leverage.