Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

November 29, 2024 Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

September 17, 2024 Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

February 27, 2024 Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

ENISA Threat Landscape Methodology

6 July, 2022

By establishing the ENISA Cybersecurity Threat Landscape (CTL) methodology, the Agency aims to set a baseline for the transparent and systematic delivery of horizontal, thematic, and sectorial cybersecurity threat landscapes. The following threat…

Coordinated Vulnerability Disclosure Policies in the EU

13 April, 2022

This report analyses information and presents an overview of coordinated vulnerability disclosure (CVD) policies at the national level within the EU. Aside from offering a comprehensive overview of the EU CVD state of play, it also provides high-…

Deploying Pseudonymisation Techniques

24 March, 2022

Pseudonymisation is increasingly becoming a key security technique for providing a means that can facilitate personal data processing, while offering strong safeguards for the protection of personal data and thereby safeguarding the rights and…

Data Protection Engineering

27 January, 2022

Data Protection Engineering can be perceived as part of data protection by Design and by Default. It aims to support the selection, deployment and configuration of appropriate technical and organizational measures in order to satisfy specific data…

Digital Identity: Leveraging the SSI Concept to Build Trust

20 January, 2022

The maintenance of continuity in social life, businesses and administration has accelerated the reflection on the possibility of a need for such decentralised electronic identity. This report explores the potential of self-sovereign identity (SSI)…

Remote Identity Proofing - Attacks & Countermeasures

20 January, 2022

Remote identity proofing is a crucial element in creating trust for digital services. The present study analyses the collection and validation of evidence provided by the applicant to complete the verification of his or her identity. More…

Countering SIM-Swapping

6 December, 2021

In this study, we give an overview of how SIM-Swapping attacks work, list measures that providers can take to mitigate the attack and make recommendations for policy makers and authorities in the telecom sector and other sectors. Security of…

How to Avoid SIM-Swapping - Leaflet

6 December, 2021

This leaflet, addresses the SIM-swapping attacks, how to recognise them and how to mitigate the risk connected to this fraud. In fact, subscriber Identity Module (SIM) swapping is a legitimate procedure performed by a customer to change their SIM…

Foresight Challenges

22 November, 2021

This report aims to highlight the most relevant foresight methods based on ubiquity or suitability to ENISA’s core needs to adequately address future cybersecurity threats and shape a more secure society. In fact, foresight enables reflection on…

ENISA Threat Landscape 2021

27 October, 2021

This is the ninth edition of the ENISA Threat Landscape (ETL) report, an annual report on the status of the cybersecurity threat landscape that identifies prime threats, major trends observed with respect to threats, threat actors and attack…