Each country should be doing this
These EU agencies unfortunately are just setup to try and foster relations amongst the countries. Which is fine, when we have all had a referendum on joining, but until then it is a bit daft to put your cybersecurity eggs all in one basket.
An EU body could acts as a coordinator amongst the countries, but each country should have their own body independent of the EU, that would make more sense.
It is the same for combined forces, you need the country focusing on what works well for them, but interfacing with the larger community of countries in Europe. SHAPE for example is quite an interesting place, but it is very political, and used more to foster good relationships rather than achieve any solid objective. MOD does more for the protection of the UK than SHAPE does.