At the beginning of April, Red Alert Labs participated in the Teaming Up for Cyber event at INCYBER Forum 2026 in Lille, hosted by the European Champions Alliance (ECA). Alongside the Fraunhofer Institute, leading universities, CISOs from major corporations, the Dutch Ministry of Finance, and dozens of European startups and scaleups, we came together for a single purpose: to move beyond fragmentation and chart a common course for European cybersecurity.

The result is a joint position paper: a set of concrete, actionable recommendations directed at EU institutions, regulators, and large corporate users. It is the kind of document that only happens when competitors sit at the same table and decide that the threat is bigger than the competition.

Four Themes. One Urgent Message.

The event structured its work into four focus groups, each tackling a distinct but deeply interconnected challenge:

Each group surfaced challenges that, on the surface, look technical, but at their core are strategic and political. AI is lowering the barrier for attackers, enabling polymorphic malware and hyper-personalised social engineering that makes traditional security awareness training obsolete. Vulnerability management is drowning in alerts while missing the bigger picture: third-party supply chains and code-level risks. Post-Quantum Cryptography is no longer a future problem. The "Harvest Now, Decrypt Later" threat means adversaries may already be stockpiling encrypted data today.

Where Red Alert Labs Focused: Industrial & OT Security

Our team contributed to the Industrial Systems (OT) Security focus group, an area where the stakes are uniquely high. The convergence of IT and OT networks has dramatically expanded the attack surface, but governance has not kept pace. Attackers do not recognise the boundary between the factory floor and the enterprise network. Security policies often still do.

One of the sharpest insights from this group was what we called the "chicken and egg" problem: European OT security vendors are seen as niche players because they lack large enterprise customers, while large corporations hesitate to buy from vendors they perceive as too small. The paper calls for large European corporations to act as anchor customers, jointly defining a minimum common set of requirements and committing to procure from European vendors who collaborate to meet them.

The recommendations also call for:

• Unified IT-OT governance with a single executive risk owner at board level
• A European OT resilience framework aligned with ISA/IEC 62443
• A shift from vendors selling niche technology to delivering measurable risk reduction and recovery readiness

The Bigger Picture: Digital Sovereignty Is Not a Slogan

Across all four focus groups, a common thread emerged: Europe possesses the talent, the technology, and the regulatory frameworks to lead on cybersecurity, but the ecosystem remains fragmented. The position paper makes a blunt strategic call: European actors must collaborate, even among competitors, to achieve the scale necessary for global autonomy.

This means EU regulation must go beyond encouragement and actively enforce the adoption of European solutions. It means establishing a European PQC Observatory and an AI Center of Excellence to pool research and certification. And it means moving conversations about post-quantum cryptography out of specialist conference rooms and into boardrooms before the window closes.

We are proud to have been part of this initiative and to stand alongside so many committed European actors. The full position paper, co-authored with all participating organisations, contains the complete set of recommendations across all four focus groups. We invite you to read it, share it, and act on it.

Red Alert Labs is a member of the European Champions Alliance. Learn more at european-champions.org