Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Cyber Threats Outreach In Telecom

In this paper, we aim to give guidance to national Authorities and providers of electronic communications networks and services regarding how to strike the right balance and carry out efficient and effective outreach to users about cyber threats.
National / EU authoritiesPrivate Sector

Securing Machine Learning Algorithms

Based on a systematic review of relevant literature on machine learning, in this report we provide a taxonomy for machine learning algorithms, highlighting core functionalities and critical stages. The report also presents a detailed analysis of…
Private Sector

NIS Investments Report 2021

Following the 2020 NIS Investment publication, this report covers all 27 EU Member States and offering additional insights into the allocation of NIS budgets of OES/DSP, the economic impact of cybersecurity incidents and the organisation of…
National / EU authorities
trust services security incidents 2020 annual analysis report

Trust Services Security Incidents 2020 - Annual Report

Article 19 of the eIDAS regulation sets out the security requirements for the trust service providers (TSPs) and introduces mandatory security breach reporting for trust service providers (TSPs) in the EU. This report provides an aggregated overview…
National / EU authorities
telecom annual incident reporting 2020

Telecom Security Incidents 2020 - Annual Report

Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package: Article 13a of the Framework Directive (2009/140/EC) came into force in 2011. The European Electronic Communications…
National / EU authorities

Assessment of EU Telecom Security Legislation

European Union telecom security legislation has been changing over the last few years. In light of these policy changes, ENISA carried out an assessment of the implementation of EU telecom security policy, to inform policy makers in the Commission…
National / EU authorities
5g supplement security measures under eecc

5G Supplement - to the Guideline on Security Measures under the EECC

This document contains a 5G technology profile which supplements the technology-neutral Guideline on Security Measures under the EECC. The document gives additional guidance to competent national authorities about how to ensure implementation and…
National / EU authorities

Guideline on Security Measures under the EECC

This document, the Technical Guideline for Security Measures, provides guidance to competent authorities about the technical details of implementing Articles 40 and 41 of the EECC: how to ensure that providers assess risks and take appropriate…
National / EU authorities

Recommendations for the security of CAM

The aim of this report is to provide a high-level overview of the cybersecurity challenges in the CAM sector and to highlight both the concerned CAM actors and associated recommendations. Cybersecurity in the CAM ecosystem is partially standardised…
Private Sector

Technical Guideline on Incident Reporting under the EECC

This document describes the formats and procedures for cross border reporting and annual summary reporting under Article 40 of the EECC. Paragraph 2 of Article 40 describes three types of incident reporting: 1) National incident reporting from…
National / EU authorities