Ukraine’s cyber defence ecosystem has undergone a major transformation since the February 2022 full-scale Russian invasion, creating an important case for understanding modern cyber defence during a long-term active conflict. Together with our partners, NATO CCDCOE has conducted interviews and surveys with 39 respondents from 21 Ukrainian organisations across government, military, private sector, and civil society organisations. This brief examines how Ukraine has adapted its cyber defence architecture and identifies some critical lessons for NATO and allied countries going forward.
Ukraine’s cyber resilience rests on four interconnected pillars: the government’s innovative approach, expanded roles for private sector actors, intensive international partnerships, and integration with multinational technology companies. While vital for survival, these arrangements have created strategic dependencies that may impact sovereign decision-making and raise questions about their long-term sustainability. Over 85% of the surveyed Ukrainian organisations rely heavily on US-based technology providers, creating a vulnerability where operational continuity could depend on the political and financial alignment of foreign entities. Moreover, informal personal networks have frequently proven more effective than formal coordination channels during a crisis, providing the agility that rigid structures lack. Ukraine’s own 2021 Cybersecurity Strategy acknowledged the absence of an effective public-private partnership (PPP) model, a gap that the conflict has forced rapid and largely ad hoc improvisations to address, resulting in a resilient but fragmented ecosystem.
As a result, three key recommendations may be derived: (i) developing pre-crisis partnership frameworks, (ii) formalising the role of non-state actors in cyber defence, and (iii) collectively addressing the digital sovereignty implications of deep dependencies on foreign technology companies.