Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Addressing Skills Shortage and Gap Through Higher Education

In this report, ENISA contributes to both practice and research on the cybersecurity skills shortage and gap in two distinctive areas. Firstly, it provides an overview of the current supply of cybersecurity skills in Europe through an analysis of…

National / EU authorities

Methodology for Sectoral Cybersecurity Assessments

The methodology for sectoral cybersecurity assessments described in this document (called SCSA Methodology) addresses objectives in the context of ICT security for sectoral multi-stakeholder systems and drafting sectoral cybersecurity certification…
Private Sector

Cybersecurity Certification: Candidate EUCC Scheme V1.1.1

Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor to…
National / EU authoritiesPrivate Sector

CTF Events

This report addresses the contemporary use of capture-the-flag (CTF) competitions around the world. It first provides background on such competitions, their structure and variations. Analyses of recent competitions is then conducted, comprising an…
National / EU authoritiesPrivate Sector

Cybersecurity Research Directions for the EU’s Digital Strategic Autonomy

The focus of this work is to identify the necessary research priorities to support the EU’s digital strategic autonomy and thus digital sovereignty. In this introductory chapter, we (i) analyse how the terms ‘digital strategic autonomy’ and ‘digital…
National / EU authorities

ECSC 2020 Analysis Report

This report analyses the efforts provided by ENISA and national partners during the 2020 to support the growing of the European Cyber Security Challenge. The 7th Edition of the European Cyber Security Challenge, ECSC2020 planned initially for the…
National / EU authorities

Towards a Common ECSC roadmap

This report aimed to identify the key factors enabling the success of a national cybersecurity competition and to give a snapshot of the current situation in the EU and ECSC partner countries. To do that, we conducted a dozen of interviews with…
National / EU authorities

Cybersecurity Certification: Candidate EUCC Scheme

Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor to…
National / EU authoritiesPrivate Sector

Advancing Software Security in the EU

This study discusses some key elements of software security and provides a concise overview of the most relevant existing approaches and standards while identifying shortcomings associated with the secure software development landscape, related to…
Private Sector

Cybersecurity Skills Development in the EU

This report focuses on the status of the cybersecurity education system and the inability to attract more students in studying cybersecurity and to produce graduates with “the right cybersecurity knowledge and skills”. It argues that many of the…
National / EU authorities