Five thousand major cyber-incidents were recorded across Europe in 2025.

Omissions

• The ENISA Threat Landscape 2025 report's data period does not correspond to calendar year 2025: ENISA reports typically analyse incidents from a 12–18 month window ending before the publication year, so the data likely covers mid-2023 to mid-2024 rather than the full year 2025 as the claim implies.
• The report analyses incidents within EU Member States specifically, not the broader geographic scope of 'Europe' as stated.
• Not all incidents analysed by ENISA are necessarily classified as 'major'; the report covers a threat landscape across severity levels.
• The MEP did not cite any source, making independent verification dependent on identifying the correct underlying dataset. The closest match is the ENISA Threat Landscape 2025 report, though the MEP could not have known its exact contents if the speech predates the report's publication.

Sources

• PrimaryENISA Threat Landscape – European Union Agency for CybersecurityThe ENISA Threat Landscape report analyses 4,875 incidents over its reporting period.
• SecondaryDigital SME Alliance – ENISA Cybersecurity Threat Landscape Report 2025 Key TakeawaysThe 2025 ENISA Threat Landscape report provides a broad overview of the European cyber threat ecosystem, covering nearly 4,900 incidents analysed between July 2023 and July 2024.