CDAC report examines cyber defense support to Ukraine as attacks target government and critical services


A white paper from the Cyber Defense Assistance Collaborative (CDAC) finds that since the start of Russia’s full-scale invasion of Ukraine in 2022, Ukraine has faced a persistent and evolving wave of cyberattacks targeting government systems and critical services. The report notes that Russian cyber actors have repeatedly attempted to exploit the digital domain alongside conventional military operations, seeking to disrupt essential state functions and weaken Ukraine’s ability to govern and sustain its wartime operations.

Four years into the conflict, governments, private-sector cybersecurity firms, and research institutions are increasingly examining Ukraine’s experience to extract lessons for future cyber defense assistance models. The CDAC report analyzes how cyber defense assistance has been delivered to Ukraine by foreign governments, private-sector partners, and coordinating bodies, offering insights into the structure, delivery mechanisms, and effectiveness of international efforts to support cyber resilience during wartime.

The paper finds that cyber defense assistance provided by foreign governments and the private sector differs in several key ways, including the scale of support, the speed of mobilization and implementation, and the types of capabilities delivered. It also notes that coordination mechanisms can improve visibility and efficiency across assistance efforts, although they have at times faced administrative friction and inconsistent transparency practices. While hardware continues to represent a major share of support, the report observes a growing emphasis on training, signaling a potential shift toward strengthening long-term resilience and domestic cyber defense capabilities.

CDAC details that, over the last four years, various types of actors have emerged in the donor or provider community, shaping Ukraine’s cyber defense ecosystem. The primary donor types are foreign governments, private-sector companies, and coordination mechanisms. Delivery statuses included delivered or implemented, and pledged or committed.

The dataset analyzed in the report captures roughly US$2.29 billion in committed and delivered cyber defense assistance, including about $1.29 billion already delivered. The data reflects a mixed ecosystem of support, ranging from high-value government aid packages to high-volume but lower-value operational assistance from private-sector providers. By comparison, international military aid to Ukraine since Russia’s full-scale invasion of Ukraine in 2022 has reached approximately $190.7 billion, meaning cyber defense assistance accounts for only about 1.2 percent of the total.

Early private-sector assistance reflects the rapid mobilization that followed the 2022 invasion, with companies moving quickly to deliver operational cyber support. A peak in the fourth quarter of 2022 coincided with the creation of more structured coordination frameworks and consolidated assistance packages, as early uncertainty gave way to clearer priorities.

CDAC mentioned that foreign government support followed a different trajectory, with slower initial delivery but a sharp rise in both commitments and disbursements over time. A notable surge in the first quarter of 2025 aligns with large aid tranches tied to coordination frameworks such as the IT Coalition and the Tallinn Mechanism. The widening gap between pledged and delivered government assistance across several quarters highlights a structural reality of public-sector support, where procurement procedures and administrative processes often slow the pace of operational delivery.

The report notes several limitations stemming from incomplete and uneven data. Not all delivered or committed cyber defense assistance to Ukraine is publicly recorded or known, meaning the actual volume of support likely exceeds the figures captured in the analysis. Data quality and specificity also vary across the dataset. Details such as the value of assistance, the nature of the support, and the identity of recipients are often withheld. Many providers deliberately limit disclosure to protect their operational practices, Ukraine’s technological advantages, the security of implementing partners, and sensitive supply chain relationships.

In some cases, limited transparency created uncertainty about whether certain assistance entries might be counted more than once. To avoid potential duplication, the report adopts a conservative approach and excludes those data points from its charts and analysis. It also acknowledges that the timing of assistance delivery is difficult to track because public announcements often lag behind the actual transfer of cyber defense resources. Finally, the report excludes several memorandums, agreements, and broader aid packages referencing Ukraine when available information did not clearly identify the specific nature or value of the cyber defense assistance involved.

Foreign governments have been the largest disclosed source of cyber defense assistance to Ukraine between 2022 and 2025, delivering roughly $1.7 billion through bilateral aid and multilateral coordination mechanisms. The analysis identifies 49 confirmed government assistance packages, with nearly eighty percent including hardware. Standalone hardware procurement accounts for at least $930 million, making it the largest category of government-provided cyber defense support.

The report highlights that hardware upgrades remain critical because many advanced cybersecurity tools depend on compatible infrastructure. In several cases, outdated systems have limited Ukraine’s ability to deploy modern defenses such as endpoint detection and response technologies, underscoring the importance of foundational equipment investments.

The data also shows that a sharp increase in government cyber assistance, totaling nearly $1.5 billion, followed the establishment of coordination frameworks. While about $883.5 million has been formally committed, delivery timelines remain uncertain, particularly as European aid packages often take significantly longer to implement. European governments have increasingly taken the lead in cyber defense assistance, especially since U.S. support declined after early 2025.

CDAC reported that the European Union has been a major supporter of Ukrainian cyber defense, delivering aid through bilateral support or aid channels. EU approaches play an increasingly dominant role, with Estonia and Luxembourg providing primary leadership of cyber defense assistance (CDA) to Ukraine. Key initiatives involve deploying cyber rapid-response teams, providing access to an EU Cybersecurity Reserve, and establishing cyber labs for military training.

Estonia has also emerged as a key provider of civilian digital assistance to Ukraine, channeling most support through the Tallinn Mechanism and the IT Coalition, which it co-leads with Luxembourg. Estonia contributed about $2.7 million in 2024 and $10.1 million in 2025 to the IT Coalition, including funding for Starlink systems, and plans to add over $5.9 million in 2026. It has also committed funding through the Tallinn Mechanism, bringing total pledges there to $28.4 million. Overall, Estonia has provided more than $1.18 billion in military and civilian assistance to Ukraine since 2022, with about one-third allocated to civilian support.

CDAC reported that it continues to face unresolved requests for both software and hardware, many of which have remained open for months or even years because of funding and capability gaps. A recurring issue involves short-term software licenses provided through in-kind donations. These licenses often last only a few months, forcing repeated extension requests and creating added friction in delivering cyber defense assistance throughout the four years of the war.

The report also notes a growing number of open requests for training, which may point to a broader shift toward building long-term cyber resilience and a more self-sustaining cybersecurity capability. Coordination mechanisms can also improve scale and execution by introducing structured governance.

Yet the frameworks face persistent structural challenges. By the end of 2025, visibility into cyber defense assistance remained uneven and coordination efforts were often siloed. Establishing transparency between the Cyber Defense Assistance Collaborative and initiatives has proved difficult. Inconsistent disclosure by providers and limited cooperation between coordination channels leave significant gaps in the available data. 

As reporting and participation are largely voluntary, large portions of assistance go unrecorded, making it difficult to assess real demand or identify capability gaps. As a result, no single actor has a complete picture of the scale, composition, or timing of cyber defense assistance delivered to Ukraine.

Coordination has also introduced administrative friction. Multilateral frameworks often operate within complex governance structures that slow decision-making and the delivery of aid. In periods of rapidly evolving cyber threats, such delays can weaken the effectiveness of cyber defense efforts.

In conclusion, the CDAC report finds that cyber defense assistance to Ukraine has developed since 2022 into a layered, interdependent ecosystem. Early ad hoc support has gradually shifted toward more structured, multilateral coordination. Yet greater coordination has not fully resolved persistent visibility gaps. Large portions of assistance remain categorized as unknown, reflecting fragmented reporting practices that complicate strategic planning and long-term forecasting of needs. From the available data, the report identifies three emerging themes.

First, foreign government assistance typically appears as large funding packages that often remain in ‘committed’ status for more than a year and are largely directed toward hardware procurement. By contrast, private sector assistance tends to arrive through smaller but more frequent deliveries, often provided within days or months, and has focused mainly on software and training.

Second, coordination mechanisms can help create prioritized requirements lists, improving visibility and reducing duplication. They can also support greater scale, execution, and repeatability through structured governance. At the same time, these mechanisms have shown susceptibility to administrative friction and inconsistent disclosure practices among providers.

Finally, analysis of requested assistance shows that hardware remains a top priority. At the same time, requests for training are increasing, signaling a growing emphasis on long-term cyber resilience and the development of domestic capabilities. As the war enters its fifth year, the evolving cyber defense assistance ecosystem will need to continue adapting to address these challenges, improve efficiency, and sustain support for Ukraine’s cyber defense.


