From Prevention to Resilience

Cyber threats continue to outpace conventional defense strategies, underscoring the need for more adaptive security approaches. This study examines how six principal European Union frameworks, including the Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA), align with modern operational tactics: Redirect, Obviate, Impede, Detect, Limit, and Expose. Using a structured qualitative methodology, including legislative text analysis and cross-referencing with real-world incidents, the research maps each regulation’s provisions to specific defensive functions. Results indicate that while prevention, detection, and coordinated incident response are well addressed, more assertive tactics, such as diverting attackers to decoy environments or employing strategic deception, remain largely absent. This gap may limit the EU’s overall capacity to counter sophisticated threats that circumvent static defenses. In conclusion, supplementing existing regulations with practical guidance and controlled pilot initiatives could enhance cyber resilience without compromising legal or ethical standards. Such measures would empower both public and private entities to adopt a broader range of defensive strategies, ultimately strengthening Europe’s posture against increasingly advanced cyberattacks.