NATO signs cyber partnerships with Microsoft, Palo Alto, ESET

NATO has signed strategic cybersecurity partnerships with Microsoft, Palo Alto Networks, and ESET, formalising what the alliance describes as non-commercial agreements to strengthen collective resilience in cyberspace. The partnerships were announced on 27 May at the International Conference on Cyber Conflict (CyCon) in Tallinn, Estonia, the annual gathering organised by NATO’s Cooperative Cyber Defence Centre of Excellence.

The deals cover dialogue, information sharing, exchange of best practices, and coordinated activities to address shared threats. They do not involve commercial contracts or procurement. The distinction matters because it positions the partnerships as a policy channel rather than a vendor relationship, giving NATO structured access to threat intelligence and defensive expertise from three of the largest cybersecurity operations in the world without the complications of a procurement cycle.

Why these three companies

The selection of Microsoft, Palo Alto Networks, and ESET covers the three pillars of the Western cybersecurity ecosystem. Microsoft operates the largest cloud infrastructure serving NATO member governments and has deep visibility into threats targeting enterprise and government systems. Palo Alto Networks is the largest pure-play cybersecurity company by market capitalisation and leads in network security and AI-driven threat detection. ESET, the privately held Slovakian firm, brings a specifically European perspective and has become one of the most prolific publishers of advanced persistent threat research, particularly on state-sponsored groups targeting critical infrastructure in Europe.

ESET’s inclusion is the most notable of the three. Founded in Bratislava in 1992, the company has roughly 1,900 employees and an estimated $612 million in annual revenue. It is Europe’s largest privately held cybersecurity firm. Its research teams have tracked and publicly documented campaigns by Russian, Chinese, and North Korean state-linked hacking groups for years, including extensive work supporting cyber defenders in Ukraine since Russia’s full-scale invasion in 2022.

Martin Talian, ESET’s Chief Corporate Solutions Officer, said the company was joining an initiative aimed at collaboratively increasing resilience against threats that seek to undermine society. ESET recently uncovered the expanded arsenal of China-aligned APT group Webworm, which has been targeting European governments using backdoors that exploit Discord as a communication channel.

The threat driving the urgency

Jean Charles Ellermann-Kingombe, NATO’s Assistant Secretary General for Cyber and Digital Transformation, framed the partnerships as a response to the current threat environment. He said deterrence and defence in cyberspace are not only about reliable hardware and software but also about shared norms and principles. That language reflects NATO’s evolving doctrine, which increasingly treats cyberspace as an operational domain on par with land, sea, air, and space.

The numbers back the urgency. Europe was the most targeted region for cyberattacks in 2023, accounting for 32% of global incidents. State-linked sabotage attacks on European infrastructure roughly tripled between 2023 and 2024, hitting transport networks, energy facilities, and communications systems. NATO member states have faced persistent campaigns against government ministries, military networks, and civilian critical infrastructure from Russian and Chinese state-sponsored groups.

The partnerships trace back to the 2023 NATO Summit in Vilnius, where allies formally agreed to expand cooperation with the private sector on cyber defence. The recognition was overdue. The vast majority of the digital infrastructure that NATO allies depend on, from cloud services to telecommunications networks, is owned and operated by private companies. No military alliance can defend cyberspace without structured access to the companies that build and run the systems under attack.

What the partnerships actually do

The NATO announcement is deliberately vague on operational specifics. The partnerships will facilitate dialogue, information sharing, and coordinated activities. They will not involve NATO purchasing products or services from any of the three companies. The non-commercial framing is important for two reasons. It avoids the political complexity of a 32-nation alliance selecting preferred vendors, and it signals that the partnerships are about shared situational awareness rather than technology procurement.

In practice, this likely means structured channels for threat intelligence sharing, joint analysis of emerging threats, and coordinated responses to incidents affecting NATO member infrastructure. All three companies already share threat intelligence informally with national governments and intelligence agencies. The NATO framework formalises those relationships at the alliance level, creating a single point of coordination rather than 32 bilateral arrangements.

A European cybersecurity company at NATO’s table

ESET’s seat alongside Microsoft and Palo Alto Networks carries strategic significance beyond the immediate partnership. NATO has been investing heavily in European technology capabilities, from the DIANA accelerator programme to the €1 billion NATO Innovation Fund. Including a European-headquartered cybersecurity company in the alliance’s most prominent industry partnerships reinforces the message that European firms have world-class capabilities in this domain.

ESET operates 13 R&D centres globally and provides security software in more than 200 countries. It has built its reputation on APT research, consistently publishing detailed technical analyses of state-sponsored campaigns that rival the output of much larger American firms. Its work on Russian-linked groups like Sandworm and Gamaredon, which have targeted Ukrainian infrastructure, has made it a critical resource for defenders in the conflict zone.

The CyCon conference where the partnerships were announced runs from 26 to 29 May under the theme “Securing Tomorrow.” It has drawn reportedly 800 decision-makers, cyber experts, academics, and industry representatives from 48 countries. Tallinn is home to the NATO Cooperative Cyber Defence Centre of Excellence, established in 2008 and now one of the alliance’s most active innovation hubs for cyber and digital defence.

The partnerships are a signal, not a solution. They will not stop the next state-sponsored cyberattack on a NATO member. But they formalise something that has been true for years: that the private sector, not the military, holds the keys to cyber defence. NATO is finally building the institutional architecture to match that reality.