In 2026, Europe is set to face a rise cyber-physical attacks targeting critical infrastructure such as energy grids, transport and digital infrastructure, according to Google Cloud Security.
In specific analysis of Europe, Middle East and Africa (EMEA) based on findings from its Cybersecurity Forecast 2026 report, published on November 4, 2025, Google Cloud Security anticipates increased cyber espionage campaigns from state actors, particularly Russia and China, targeting European governments, defense and research in critical and emerging technology sectors.
These attacks could take the form of hybrid warfare, where cyber means support attacks impacting physical systems, especially in critical infrastructure.
These cyber-physical attacks will likely be combined with information operations to undermine public trust, the report added.
Additionally, non-state threat actors are expected to continue to target European supply chains, especially managed service providers and software dependencies, to gain access to numerous downstream targets, Google Cloud Security noted.
Globally, Google analysts said they expect cybercrime to remain the primary disruptive threat to industrial control systems (ICS) and operational technology (OT) in 2026.
Some ransomware operations deployed in 2026 will be specifically designed to impact critical enterprise software, such as enterprise resource planning (ERP) systems, severely disrupting the supply chain of data essential for OT operations.
Read more: Hackers Help Organized Crime Groups in Cargo Freight Heists, Researchers Find
Google’s Cyber Predictions for 2026
Other key forecasts outlined by Google Cloud Security include:
- Adversaries fully embracing AI, with the use of AI for malicious campaigns expected to shift from the exception to the norm, transforming the landscape with sophisticated, multimodal attacks that combine voice, video and text deepfakes
- Cybercrime to remain globally disruptive, with ransomware and data theft extortion to continue to dominate financially motivated attacks, targeting third-party providers and zero-day vulnerabilities at scale
- North Korean (DPRK) IT worker schemes to expand, especially across Europe, posing both financial and espionage risks
- Russia's cyber operations to undergo a strategic shift, moving beyond short-term tactical support for the conflict in Ukraine to prioritize long-term global strategic goals (e.g. developing advanced cyber capabilities, collecting intelligence to support global political and economic interests and obtaining strategic footholds within international critical infrastructure environments)
- The volume of China-nexus cyber operations to continue surpassing that of other nations in 2026, prioritizing stealthy operations and maximizing operational scale
- Iranian cyber activity to be driven by objectives of regime stability and maintaining regional influence amid ongoing geopolitical conflicts, with the risk of wiper deployment remaining elevated in 2026