Ever since the cyber attacks against the computer networks of European governments and defence and foreign ministries have become public knowledge, security policy-makers have insisted that the EU Member States need to develop more adequate cyber-defence and cyber-retaliation capabilities. However, the EU continues to base its cyber-security strategy on the resilience of Information and Communication Technology Infrastructures and cyber diplomacy as part of its Common Foreign and Security Policy (CFSP) so as to position itself as a force for peace. Its Joint EU Diplomatic Response to Malicious Cyber Activities, adopted in October 2017, primarily stipulates non-military instruments that could contribute to “the mitigation of cybersecurity threats, conflict prevention and greater stability in international relations”. Faced with increasing activities infrastructures, Europe would be well-advised to adhere to the step-by-step cyber-diplomacy plan, which is based on the principle of due diligence.