cepa.org

Ukraine Teaches Europe Cyber Lessons

Ukraine has withstood relentless cyberattacks and protected its critical infrastructure—all while fighting a full-scale war. As the US threatens to withdraw its support, Europe should step in to pick up the bill and embed the embattled Ukraine’s hard-earned cyber experience in its revamped security strategy.

Here are four key cybersecurity lessons from Ukraine.

Lesson 1: Prioritize Cyber Resilience

Cyberattacks on critical infrastructure risk as much devastation as physical attacks. Russia has targeted Ukraine’s power grids, communications networks, and digital government services. It often timed missile barrages right after cyber-attacks, precisely when engineering teams were racing to bring power grids or telephone switch centers back online.

Despite the relentless assaults, Ukraine defended its digital backbone, keeping its energy grid, telecom and government databases functioning. It moved key data into the cloud and out of the country, with the help of private tech cloud suppliers. It invested in tailored solutions for core energy infrastructure, assuming attackers will breach defenses, but then will be deceived and defeated. On Christmas Eve, Russia targeted Ukraine’s Ministry of Justice databases, including state registries. While they disrupted services, Ukraine was able to restore the registries.

Just as governments invest in military infrastructure for planes and tanks, they need to invest in cybersecurity. In Ukraine, USAID put nearly $90 million into Ukrainian cyber defense projects over the past four years. Cybersecurity should account for a 10-15% budget line in every IT project.

Lesson 2: Partner with the Private Sector

Governments alone cannot defend cyberspace. Private companies own most critical infrastructure – and the private sector deploys the most advanced cyber defense capabilities. In Ukraine, tech companies combat electronic warfare hand-in-hand with remarkable effectiveness.

In Latvia, like Estonia, we are creating cyber defense units within our National Guards, where private sector experts practice cyber defense alongside government institutions. The format allows volunteer experts from the private sector to join state-run or even NATO exercises, train cyber skills, and prepare to deploy during a crisis.

The US has taken the lead partnering with Silicon Valley. While many tech companies long hesitated to work with the Pentagon, Russia’s attack on Ukraine has opened the door for OpenAI, Meta, and Anthropic, among others, to supply artificial intelligence to the Pentagon.

If European companies are to compete against their US counterparts, they should partner with Ukraine’s cyber startups. Industry is receptive. In a recent letter to the European Commission, 90 companies emphasized the need to loosen dependency on the US for cutting-edge tech. A key part of their agenda is investment in European cybersecurity.

Lesson 3: Leverage Ukraine’s Cyber Talent

Ukraine has the talent that Europe needs. It is filled with young, highly skilled STEM graduates who have been battle-tested during the war and are keen to innovate. At the 2025 Kyiv International Cyber Resilience Forum, organizers had to turn away hackathon participants.

Fresh research reveals Ukraine’s leading position in Europe’s cyber industry. Unlike many consultancies that check compliance boxes, Ukrainian cyber companies focus on building software products that defend networks. The country’s cybersecurity market quadrupled over the past eight years, reaching $138 million in 2024, and is forecast to grow by another 50% over the next five years to reach $209 million. Almost two-thirds of these sales are defense software.

The global cybersecurity industry faces a shortfall of five million specialists. Instead of struggling to fill this gap independently, Europe should seize the opportunity to partner with Ukraine’s cyber workforce.

Lesson 4: Replace the US

Historically, the United States has played a leading role in bolstering Ukraine’s cyber capabilities, often providing direct funding through USAID. The US agency accounted for almost half of Ukraine’s cyber donor budget. That funding is now vanishing. As Europe now takes steps to build its own strategic autonomy in security, it must also step up to fill the gap.

Ukraine’s defense against relentless cyberattacks represents a crucial playbook. As Europe prepares to boost its defense spending, it should follow Kyiv’s lead and prioritize cybersecurity. Europe needs its own innovative cyber solutions and the specialized talent to deploy them. Ukraine is an essential partner.

Ieva Ilves has more than two decades of experience in digital transformation, cybersecurity, and international affairs. Her career spans high-level roles in Latvia, Estonia, and internationally, including as Digital Policy Advisor to Latvia’s President. She led Latvia’s first national cybersecurity strategy and the project to establish NATO’s Strategic Communications Centre of Excellence in Riga. She advises Ukraine’s Ministry of Digital Transformation and WithSecure, a Finnish cybersecurity company. She has a master’s from Johns Hopkins University SAIS.

Bandwidth is CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.
