Lock-in, limited control over software updates, potential exposure to surveillance and foreign regulations… Ultimately, the European energy sector faces largely the same risks as other industries.
This finding comes from a study commissioned by the EU. It maps the landscape of dependence on foreign digital solutions. A section is dedicated to the energy sector, with a focus on the cyber solutions deployed there. As on a global level, American vendors—and, to a lesser extent, Israeli ones—dominate.
Network security
Firewalls: Check Point (Israel), Fortinet (USA), Palo Alto Networks (USA), Siemens (Germany), Stormshield (France).
IDS/IPS: Cisco (USA), Dragos (USA), Nozomi Networks (USA, but slated for acquisition by Japanese company Mitsubishi Electric), Siemens (Germany), Stormshield (France).
Segmentation: Schneider Electric (France), Siemens (Germany), TDi (USA), Waterfall Security (Israel).
Endpoints
CrowdStrike (USA), McAfee (USA), Microsoft (USA), SentinelOne (USA), Sophos (UK), Symantec (USA; acquired in 2019 by Broadcom), Trellix (USA), Trend Micro (Japan).
IAM
Patch management: Ivanti (USA), ManageEngine (India), Microsoft (USA), SolarWinds (USA).
RBAC: IBM (USA), Micro Focus (UK, but acquired in 2023 by the Canadian company OpenText), Okta (USA), SailPoint (USA), Savyint (USA).
MFA: Duo Security (USA, acquired by Cisco in 2018), Microsoft (USA), RSA (USA), Yubico (Sweden).
PAM: BeyondTrust (USA), CyberArk (Israel; acquired by Palo Alto Networks in 2025), One Identity (USA), Thycotic (USA; merged in 2021 with Centrify to form Delinea).
Monitoring and incident response
SIEM: ArcSight (USA, but acquired by Micro Focus in 2023), IBM (USA), LogRhythm (USA, merged into Exabeam in 2024), Splunk (USA, acquired by Cisco in 2024).
XDR/SOAR: Armis (USA; under acquisition by ServiceNow), Claroty (USA), Dragos (USA), Nozomi Networks (USA).
Data protection
Encryption: IBM (USA), Microsoft (USA), Symantec (USA), Thales (France).
Anomaly detection: Acronis (Switzerland), Commvault (USA), Rubrik (USA), Veeam (Switzerland).
A sector more inclined to “accept” a cyber risk
American dominance is more pronounced in the IT side, even though specialized vendors have managed to establish a foothold in OT.
China is almost absent in cyber solutions, but strongly present in equipment. For example, it supplies roughly 80% of the EU’s solar panels… and the potential vulnerabilities — or backdoors — that come with them.
ENISA has recently examined the energy sector. It concluded that resilience is highly uneven, for instance between electricity (relatively mature) and gas (lagging in preparedness and response, in particular). It is notable that sector professionals often say they are willing to accept higher cyber risk in exchange for greater opportunities for innovation.
