Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Qualified Website Authentication Certificates

This report proposes six strategies and twelve recommended actions as an escalated approach that targets the most important aspects detected to be critical for (i) improving the website authentication market in Europe and (ii) successfully…
Private Sector

Common practices of EU-level crisis management and applicability to the cyber crises

Despite a number of initiatives within the European Network and Information Security community to establish frameworks and standard operating procedures, the EU-level response to cyber incidents, and in particular these which lead to crisis…
National / EU authorities

Readiness Analysis for the Adoption and Evolution of Privacy Enhancing Technologies

This report aims at developing a methodology that allows to compare different Privacy Enhancing Tech-nologies (PETs) with regard to their maturity, i.e., their technology readiness and their quality concerning the provided privacy notion. The report…

Impact evaluation on the implementation of Article 13a incident reporting scheme within EU

As several years have passed since the publication and implementation of the Framework Directive 2009/140 including Art. 13a, an impact evaluation of the new article was necessary. The evaluation has the purpose of assessing the changes in outcome…
National / EU authorities

Security incidents indicators - measuring the impact of incidents affecting electronic communications

Measuring the impact of incidents has become one of the toughest challenges nowadays, given the multitude of factors/indicators that must be taken into consideration. To address this issue, indicators are used, accompanied by thresholds, to assess…

Big Data Security

The study aims at identifying the key security challenges that the companies are facing when implementing Big Data solutions, from infrastructures to analytics applications, and how those are mitigated. The analysis focuses on the use of Big Data by…

NIS Directive and national CSIRTs

This is an informative note on what provisions of the upcoming NIS Directive might mean for CSIRTs. It contains references to parts of the Directive, and some comments and proposals from our side. By no means we consider this document fix or final,…
National / EU authorities

Analysis of security measures deployed by e-communication providers

The aim of this document is to provide an overview of good practices as regards security measures that are deployed by electronic communication providers in Europe

Communication network interdependencies in smart grids

This study focuses on the evaluation of the interdependencies and communications between all the assets that make up the new power grids, their architectures and connections in order to determine their importance, threats, risks, mitigation factors…

ENISA Threat Landscape 2015

This report, the ENISA Threat Landscape 2015 (ETL 2015), is the result of an analysis of cyber-threats that have been encountered in the last 12 months, that is, approximately between December 2014 and December 2015. ETL 2015 is the fourth in a…