The uneven geographical distribution of risks highlights the need for measures tailored to national contexts. In the second quarter of 2025, email was the only growing source of threats in Eastern Europe, with 4.10% of ICS computers attacked via this vector which is 1.3 times higher than the global average (3%). By contrast, other sources such as removable devices or network folders recorded values below the global average.
Industrial Control Systems (ICS) are specialised computer networks designed to monitor and manage industrial processes. They are at the core of critical infrastructure such as energy grids, water supply, transport systems, oil and gas facilities, and manufacturing plants.
Unlike ordinary office IT systems, ICS operate in real time, ensuring that physical processes run safely and efficiently.
The share of computers where malicious documents were detected and blocked was 1.4 times higher than the global average. Southern Europe recorded the highest exposure to malicious emails (7.23%), while Western Europe remained below the global average, at just 1.89%.
Romania registered a rate of 6.65%, above the regional average, alongside countries such as Bosnia and Herzegovina (11.55%) and Croatia, where malicious emails frequently contain infected documents, spyware or dangerous scripts.
Internet: the second most common attack source
With 9.74% of ICS computers blocking threats from the internet, Eastern Europe ranks fifth globally, above Western Europe (6.82%) and Northern Europe (6.57%), but below Southern Europe (8.35%).
Belarus tops the list of Eastern European countries, with a rate of 11.45%, followed by others with exposed infrastructures. Romania is close to the regional average of 9.74%, but below countries such as Belarus and Ukraine.
The main categories of online threats include access to dangerous resources (denylist), malicious scripts and phishing pages, as well as executable miners. Globally, Eastern Europe ranks third for blocking access to denylisted resources and fourth for detecting executable miners.
Mobile media threats
In terms of threats from mobile media (USBs, external HDDs, etc.), Eastern Europe ranks seventh worldwide, with 0.23% of ICS computers affected – 8.6 times higher than in North America, the least exposed region.
Ukraine (0.44%) and Bulgaria (0.43%) lead the region in terms of incidence, with attacks dominated by worms, spyware and viruses. By comparison, Western Europe recorded a rate of just 0.07%, while Southern Europe stood at 0.10%, confirming significantly lower exposure.
Only a small number of threats originate from network folders in Eastern Europe, which ranks second to last globally in this category. This source of threats is even less frequent only in Northern Europe.
Against the backdrop of a complex threat landscape, Eastern Europe presents a unique combination of vulnerabilities. Email remains the main attack vector, while the geographical distribution of risks highlights the need for measures tailored to national contexts.