Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Tools and Methodologies to Support Cooperation between CSIRTs and Law Enforcement

This report aims to support the cooperation between CSIRTs - in particular national/governmental CSIRTs - and LEAs in their fight against cybercrime, by providing information on the framework and on the technical aspects of the cooperation,…
National / EU authorities

Improving Cooperation between CSIRTs and Law Enforcement: Legal and Organisational Aspects

This report aims to support the cooperation between CSIRTs - in particular national/governmental CSIRTs - and LEAs in their fight against cybercrime, by providing information on the legal and organisational aspects, identifying current shortcomings…
National / EU authorities

Stock taking of information security training needs in critical sectors

The primary objective of this project is to provide a mapping of ENISA’s training program and a strategy to adapt it in the light of the recently adopted EU NIS Directive, catering for the needs of the identified critical sectors.

Private Sector
annual incident analysis report for the trust service providers

Annual Incident Analysis Report for the Trust Service Providers

This report provides an analysis and evaluation of the incident reporting procedure in the EU under the Article 19 of the eIDAS Regulation (2014/910/EC). Considering the fact that only the second half of 2016 was applicable and moreover that this…
Private Sector

Recommendations on European Data Protection Certification

The objective of this report is to identify and analyse challenges and opportunities of data protection certification mechanisms, including seals and marks, as introduced by the GDPR, focusing also on existing initiatives and voluntary schemes.
National / EU authorities

Baseline Security Recommendations for IoT

The study which is titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a…
Private Sector

Commonality of risk assessment language in cyber insurance

While several risk assessment languages and frameworks exist in cyber-insurance, the industry has yet to take steps in the direction of harmonisation. This report aims at further investigating this issue by identifying the incentives and barriers…

Considerations on ICT security certification in EU - Survey Report

Over the last years, ENISA has engaged in a number of activities in pursuit of supporting the Commission and the Member States in identifying a way forward on the certification of ICT security products and services, which on the one hand seeks to…
National / EU authorities

Cyber Europe 2016: After Action Report

Cyber Europe 2016 was the fourth pan-European cyber crisis exercise organised by the European Union Agency for Network and Information Security (ENISA). Over 1 000 participants working mostly in the ICT sector, from public and private organisations…
National / EU authorities

Security guidelines on the appropriate use of qualified electronic registered delivery services

This document addresses qualified electronic registered delivery services and is one out of a series of five documents which aim to assist parties wishing to use qualified electronic signatures, seals, time stamps, eDelivery or website…
Private Sector