ENISA, the European Network and Information Security Agency, said concerted efforts must be made to address security threats at a European level because of imbalances between member states.
ENISA said cyberattacks like the one in Estonia last year were ongoing and called for mandatory reporting of security breaches.
"Europe must take security threats more seriously and invest more resources in network and information security," said Andrea Pirotti, executive director of ENISA. The organisation added that member states have "a long way to go in safeguarding the e-economy".
"Europe should not wait for a digital 9/11," it warned.
ENISA said there were two main areas of imbalance between member states.
The first regards CERTs (Computer Emergency Response Teams), which provide critical intelligence in defending a country against cyber attacks. Fourteen countries currently have one or more CERTs, which leaves thirteen member states which do not.
The second imbalance involves the level of awareness of security among smaller businesses. Because SMEs make up 99% of European businesses, yet have relatively few resources to defend themselves, ENISA says that raising awareness of basic security practices among smaller businesses is essential.
ENISA also called for mandatory reporting of security breaches so the size of the cybersecurity threat could be quantified and the necessary resources made available.
An ENISA spokesperson said: "We want member states to put pressure on the EU to get mandatory reporting on security breaches - as long as there are checks and balances so you can be confident of the rules and how they apply. If we could get more transparency in terms of security breaches, we could quantify the problem. This has to be imposed at an EU level."
Referring to the need to iron out the imbalances between countries, the spokesperson said: "We must have a level playing field. The weakest link will break it."