Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

November 29, 2024 Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

September 17, 2024 Download

ENISA Threat Landscape (ETL) report is an annual report on the status of the cybersecurity threat landscape that identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes…

Best Practices for Cyber Crisis Management

February 27, 2024 Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

Managed Security Services Analysis cover featuring an illistration of a woman working on different screens with statistics

Managed Security Services Market Analysis

24 June, 2025

This report addresses the market for Managed Security Services (MSS) on both the demand and the supply side. It addresses MSS usage patterns, compliance and skills certification, threats, requirements, incidents and challenges…

Public_Consultation_on_Specifications_for_EUICC_Certification.png

Public Consultation on Specifications for EUICC Certification under the EUCC scheme

19 November, 2024

ENISA has published specifications for the evaluation and certification of embedded Universal Integrated Circuit Cards (eUICCs) under the European Common Criteria-based cybersecurity certification scheme (EUCC). Recognising the potential role of…

Market of Cybersecurity Assessments

31 January, 2024

This Report aims at presenting the current state of play of cybersecurity assessments of ICT products and cloud services. In order to study the dynamic of the related market, the report focuses on the evolution of the number of assessed ICT…

Developing National Vulnerabilities Programmes

16 February, 2023

Based on the experiences and perspectives gathered from industry players and national governments, as well as on the documentation developed by multiple actors involved with national vulnerability initiatives and programmes, the EU Coordinated…

Public Consultation on the draft Candidate EUCC Scheme

26 May, 2021

This report presents the outcome of the public consultation on the first draft of the cybersecurity certification candidate EUCC scheme. The scheme was developed following the request from the European Commission in accordance with Article 48.2 of…

Cybersecurity Certification: Candidate EUCC Scheme V1.1.1

25 May, 2021

Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor to…

EUCS – Cloud Services Scheme

22 December, 2020

This publication is a draft version of the EUCS candidate scheme (European Cybersecurity Certification Scheme for Cloud Services), which looks into the certification of the cybersecurity of cloud services. In accordance with Article 48.2 of the…

How to set up CSIRT and SOC

10 December, 2020

This publication provides results-driven guidance for those who are interested in establishing a computer security incident response team (CSIRT) or security operations centre (SOC), and guidance on possible improvements for different types of…

Cybersecurity Certification: Candidate EUCC Scheme

2 July, 2020

Proactive detection - Good practices gap analysis recommendations

26 May, 2020

The current project aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents, which are used already or potentially could be used by incident…