New research commissioned by European cybersecurity specialist HarfangLab shows performance alone is no longer enough. Instead, questions of jurisdiction, legal control, and operational transparency are taking centre stage: 54% of European IT security decision-makers now cite that data sovereignty is prioritised by businesses when it comes to purchasing decisions. 10% even say that this is their top priority.

HarfangLab’s State of Cybersecurity Report surveyed 800 cybersecurity decision-makers from businesses across Germany, France, the Netherlands, and Belgium, demonstrating a clear shift in perception of the global cybersecurity landscape, with increased concerns about foreign actors and a lack of control over data and cybersecurity deployments.  

Sovereignty as the new cybersecurity KPI

As the region grapples with growing geopolitical instability, foreign surveillance concerns, and regulatory complexity, European businesses are shifting from reliance to resilience, demanding greater control over where their data resides, how it is governed, and who can access it. 78% of businesses say that their leadership is more concerned with digital sovereignty than they were a year ago.

Outside of sovereignty topics, when asking the IT decision makers what factors really matter when choosing a cybersecurity solution, strategic autonomy and the ability to deploy on-premises or in their chosen environment comes first (26%), followed by the proof of performance (22%), and the proximity and quality of customer support (22%). This also underscores the importance of trust when selecting a security provider.

 

“Performance is the foundation for any serious security provider. But today, this is not enough, and European organisations are asking for more,” says Anouck Teiller, Chief Strategy Officer at HarfangLab. “They want to know where data is hosted, who controls the infrastructure, and which legal frameworks apply. Sovereignty has become a measurable business priority: a new cybersecurity KPI.”

Europe shifts from reliance to resilience

The report points to a broader strategic realignment across Europe to reduce dependency on foreign cybersecurity providers and to build a more sovereign and resilient digital defense ecosystem. Across the region, 70% of respondents agree that European businesses are too dependent on foreign technology. Concern is highest in Germany (84%) and France (82%), with strong majorities also in the Netherlands (67%) and Belgium (70%).

69% of respondents are concerned that cybersecurity products developed outside the EU may be subject to surveillance laws in other jurisdictions. In response to these concerns, a majority of companies are actively considering sovereign alternatives, with 70% of respondents saying they are open to switching to a European cybersecurity provider. In fact, 75% of European businesses believe that EU vendors are better aligned with local compliance and regulatory needs, and 77% say European cybersecurity companies understand the region’s specific threat landscape and priorities.

Sovereignty and trust are shaping cybersecurity

A decisive shift is emerging across Europe as organisations increasingly prioritise sovereignty and control. On-premises deployment is gaining ground as a control mechanism. Across Europe, 31% of organisations prefer on-premises EDR solutions over cloud-based models, specifically to retain control over deployment, updates, and infrastructure. According to the report, 37% of European companies are “extremely” or “very” concerned about foreign access to data stored in cloud-based cybersecurity systems. This concern is most acute in Germany (44%) and France (38%), while still significant in the Netherlands (35%) and Belgium (33%).

This growing anxiety is influencing procurement decisions. On-premises capability is now the most important selection criterion for cybersecurity vendors. While 42% of businesses still rely on hybrid models and 35% on cloud, a notable 17% are planning a shift to on-prem solutions, driven by the need for control and legal assurance.

The motivations behind this shift are clear: 31% of organisations Europe-wide want full control over deployment, updates, and infrastructure — with the strongest sentiment in Germany (34%) and Belgium (33%), followed by France (30%) and the Netherlands (29%). 28% of European respondents seek to ensure full local control over their data. Another 28% want to reduce dependency on third-party cloud providers, and 26% are motivated by a desire to reduce exposure to geopolitical risk or foreign surveillance.

 

“The cloud only becomes a problem when it’s imposed without strategy or transparency. From a cybersecurity perspective, what matters is that using the cloud is a conscious choice, not a default, and that organisations retain control over their data, configurations, and threat detection”, says Teiller. “On-prem isn’t automatically the ‘secure’ option, it’s just one option. Like the old Westerns, there’s the good, the bad, and the ugly. Done right, with clear strategy and skilled teams, on-prem can give you tight control. But without that, it quickly becomes a patchwork of blind spots and outdated assumptions. Security isn’t about location. It’s about how well you manage and monitor what you’ve got.”

Download the full report here.

Methodology:
The report is based on research conducted by Sapio Research, commissioned by HarfangLab. The interviews took place in Q2 2025 and surveyed over 800 IT and cybersecurity leaders across France, Germany, Belgium, and the Netherlands. Business sizes ranged from 300 to 5,000 employees, covering sectors including healthcare, manufacturing, technology, and government services.

About HarfangLab

HarfangLab is a global cybersecurity provider specialising in endpoint protection against known and unknown threats. Check out the Harfanglab profile in the Cyberhive