Publications

Featured publications

ENISA Threat Landscape 2025

September 30, 2025 Download

Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025. At its core, this report provides an…

NIS2 Technical Implementation Guidance

June 25, 2025 Download

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…

ENISA NIS360 2024

March 04, 2025 Download

The NIS360 is a new ENISA product that assesses the maturity and criticality of sectors of high criticality under the NIS2 Directive, providing both a comparative overview and a more in-depth analysis of each sector. The NIS360 is designed to…

All publications

Compendium of Risk Management Frameworks with Potential Interoperability

13 January, 2022

This report presents the results of desktop research and the analysis of currently used cybersecurity Risk Management (RM) frameworks and methodologies with the potential for interoperability. The identification of the most prominent RM frameworks…

Securing Machine Learning Algorithms

14 December, 2021

Based on a systematic review of relevant literature on machine learning, in this report we provide a taxonomy for machine learning algorithms, highlighting core functionalities and critical stages. The report also presents a detailed analysis of…

Countering SIM-Swapping

6 December, 2021

In this study, we give an overview of how SIM-Swapping attacks work, list measures that providers can take to mitigate the attack and make recommendations for policy makers and authorities in the telecom sector and other sectors. Security of…

How to Avoid SIM-Swapping - Leaflet

6 December, 2021

This leaflet, addresses the SIM-swapping attacks, how to recognise them and how to mitigate the risk connected to this fraud. In fact, subscriber Identity Module (SIM) swapping is a legitimate procedure performed by a customer to change their SIM…

Raising Awareness of Cybersecurity

29 November, 2021

This report seeks to assist EU Member States in further building their cybersecurity capacities by analysing best practices on raising citizens’ awareness of cybersecurity. We have collected information and evaluated the intensity, regularity and…

Foresight Challenges

22 November, 2021

This report aims to highlight the most relevant foresight methods based on ubiquity or suitability to ENISA’s core needs to adequately address future cybersecurity threats and shape a more secure society. In fact, foresight enables reflection on…

CSIRT Capabilities in Healthcare Sector

11 November, 2021

An attack directed at a critical infrastructure, such as a hospital, can lead to physical damages and put the lives of patients at risk. Therefore, there is a need for solid Incident Response Capabilities (IRC) in the health sector, in particular…

ENISA Threat Landscape 2021

27 October, 2021

This is the ninth edition of the ENISA Threat Landscape (ETL) report, an annual report that identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes relevant mitigation…

Methodology for Sectoral Cybersecurity Assessments

13 September, 2021

The methodology for sectoral cybersecurity assessments described in this document (called SCSA Methodology) addresses objectives in the context of ICT security for sectoral multi-stakeholder systems and drafting sectoral cybersecurity certification…

threat andscape for supply chain attacks

Threat Landscape for Supply Chain Attacks

29 July, 2021

This report aims at mapping and studying the supply chain attacks that were discovered from January 2020 to early July 2021. Based on the trends and patterns observed, supply chain attacks increased in number and sophistication in the year 2020 and…