Eastern Europe digitized fast — it must now protect its systems

New Eastern Europe
Eastern Europe digitized fast — it must now protect its systems

Growing threats to the region’s digital architecture have encouraged a concerted response. Ongoing issues specific to the area are even placing Central and Eastern Europe at the forefront of such developments.

Despite common characterizations of Eastern Europe as a region still in need of catching up with its western counterparts, in many areas the opposite is true. Central and Eastern European states, as well as those amongst the Baltics and Balkans, have shown remarkable progress and initiative in transforming their economies into powerhouses of digital innovation. Concurrent with the increasing strategic profile of and growing reliance on digital networks, countries in the region have become potential targets in a wider geopolitical competition for influence.

Recent examples of targeted cyber-attacks against 170 email accounts of prosecutors in UkraineTelekom Srbija Group's database, the Albanian Post, and the Romanian National Water Agency point well beyond a series of isolated incidents. As countries and their individual populations become more intimately interconnected, criminal groups, politically motivated actors, and foreign influence operations will increasingly look for ways to compromise their systems. The protection of these systems will become just as important a national priority as energy networks, transportation systems and financial institutions.

Eastern Europe has made great strides modernizing its economies and reducing costs through digitization. In the field of governance, Estonia and Ukraine have developed digital public service platforms through which citizens can access a growing list of services such as applying for official documents and IDs, paying taxes, establishing a business, and even voting. Poland, Romania and the Czech Republic have become major hubs in the global IT ecosystem, establishing several tech unicorns and flourishing in the fields of software development, generative AI, gaming and even space technology. Fintech and E-commerce have been prominently expanding in the region, covering countries from the Baltics to the Balkans.

At the same time, Eastern Europe occupies a particularly sensitive strategic landscape at the intersection of multiple competing interests. The region is economically integrated with the European Union while parts of it are still dependent on Russia for energy. Russia's geographic proximity has also gained newfound importance since Moscow invaded Ukraine in 2022. In this environment, cyber-attacks have become regularly conducted tools aimed at intelligence gathering, testing European countries' institutional resilience, creating disruption, and undermining public trust.

Ukraine – a country currently under the most strain both militarily and in its cyber sphere – has experienced consistent Russian state-backed digital operations against its national infrastructure. These have included attacks on its energy grid, satellite communications, state and justice systems, and other essential databases. In a further severe case, the 2019 breach of the National Revenue Agency in Bulgaria involved the theft of records affecting a staggering 70 per cent of the country's population. The incident exposed several vulnerabilities in the protection of government data. Meanwhile, an early 2026 attack against Telekom Srbija Group, which succeeded in stealing users' personal data while demanding a ransom, took place against the background of an intensifying East-West competition in the country. Still beholden to Russia for its energy needs but registering an expanding group of western-aligned businesses, Serbia may serve as an ideal target for future attacks too. Telekom Srbija Group's position in between these opposing forces made it a desirable target for the data breach and associated extortion campaign. Telekom Srbija Group and company CEO Vladimir Lucic have been central in the efforts to bring western-manufactured 5G infrastructure to the region. They have been further responsible for the penetration of the Serbian market by western media groups like Newsmax and Euronews.

The distinction between government and privately managed systems becomes less relevant when placed in the context of the value of the stolen information to the attackers. Private companies in today's digital ecosystem often manage as much if not more personal information as tax authorities, national healthcare providers, and passport offices. Modern societies in Eastern Europe depend on the combined digital infrastructure between the public and private sectors to a great extent. As continued economic growth depends on the expansion of digitization, the lesson from these incidents is not that such efforts should be curtailed. Instead, cybersecurity initiatives should be elevated to the level of national interest. As single organizations are unlikely to effectively take up the challenge that protecting digital infrastructures requires, cooperation between governments, businesses, international partners, and citizens could soon emerge as part of more realistic efforts.

Newly emerging data protection initiatives in Eastern Europe can a learn a lot from Estonia's experience, which has exemplified how an embedded cybersecurity approach in the foundation of governance can build more resilient systems in the long term. Estonia's “security-by-design” principle stands in contrast with some of the more permissive digital policies of other European countries, which have prioritized innovation and scalable economic growth without similar safeguards in place.

As Eastern Europe faces up against a new geopolitical era in which digital infrastructure has become a strategic target, the protection of its systems should become part of the same conversations that have taken place about the defence of territory, energy and other critical assets. The countries that will succeed in this landscape will not be the ones that avoid digital risks and cyber-attacks, but those that recognize the importance of digital defence and invest in the development of capacities to withstand such attacks.

Luka Petrović is a political analyst of Balkan descent based in Germany, with a focus on the Western Balkans, international relations, and human rights. He studied IR at Ludwig Maximilian University of Munich (LMU). His research interests include regional politics, post-conflict societies, and EU engagement in South-Eastern Europe. Luka has contributed research and analysis to major international NGOs, including Amnesty International, Human Rights Watch, and the International Committee of the Red Cross (ICRC), with a focus on human rights monitoring, minority protection, and conflict-affected communities in the Balkans.