Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date
ENISA Report - Request to ENISA 2019

ENISA Report - Request to ENISA 2019

The following document provides information of requests handled by the Agency pursuant to the ENISA Founding Regulation as contained in the EU Cybersecurity Act (Regulation (EU) 2019/881). The report does not apply to requests that are described…

National / EU authorities

Pseudonymisation techniques and best practices

This report explores further the basic notions of pseudonymisation, as well as technical solutions that can support implementation in practice. Starting from a number of pseudonymisation scenarios, the report defines first the main actors that can…
Private Sector

EU Member States incident response development status report

Following the recent transposition of the NIS Directive1 (NISD) into European Member States (MS) legislation, this study aims to analyse the current operational Incident Response set-up within NISD sectors2 and identify the recent changes. The study…
National / EU authorities

Port Cybersecurity - Good practices for cybersecurity in the maritime sector

Developed in collaboration with several EU ports, this report intends to provide a useful foundation on which CIOs and CISOs of entities involved in the port ecosystem, especially port authorities and terminal operators, can build their…
Private Sector

ENISA good practices for security of Smart Cars

This report defines good practices for security of smart cars, namely connected and (semi-) autonomous vehicles, providing added-value features in order to enhance car users’ experience and improve car safety. Taking stock of all existing…
Private Sector
enisa threat landscape for 5g networks

ENISA threat landscape for 5G Networks

This report draws an initial threat landscape and presents an overview of the challenges in the security of 5G networks. Its added value lays with the creation of a comprehensive 5G architecture, the identification of important assets (asset diagram…
National / EU authoritiesPrivate Sector

Good Practices for Security of IoT - Secure Software Development Lifecycle

This ENISA study introduces good practices for IoT security, with a particular focus on software development guidelines for secure IoT products and services throughout their lifetime. Establishing secure development guidelines across the IoT…
Private Sector

SOG-IS Transposition

the overall scope of this study was to explore and provide an analysis of any likely impediments introduced by the Cybersecurity Act proposal [CSA_P] on a possible transposition of the existing SOG-IS MRA while identifying open challenges that…
National / EU authorities

Good practices in innovation on Cybersecurity under the NCSS

ENISA supports the efforts aimed to enhance the overall level of cybersecurity in the Member States (MS) both at a national and EU level. This report supports that effort by analysing how Member States are approaching innovation as a strategic…

National / EU authorities

Assessment of ETSI TS 119 403-3 related to eIDAS

This document assesses the eligibility of [ETSI TS 119 403-3], and the standards it builds upon, to be referenced in an implementing act adopted pursuant to Art.20(4) of the eIDAS Regulation. The findings suggest that if certain revisions take place…
Private Sector