This edition of the ENISA NIS360 report is the third to assess the cybersecurity maturity and criticality of all sectors of high criticality as identified under Annex I of the NIS2 directive. The assessment covers the entire ecosystem of a sector…
The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy translates in practice across organisations in the EU and its effects on their investments, resources, and operations.
…
This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The cybersecurity requirements for…
In this report, ENISA contributes to both practice and research on the cybersecurity skills shortage and gap in two distinctive areas. Firstly, it provides an overview of the current supply of cybersecurity skills in Europe through an analysis of…
This report aims to highlight the most relevant foresight methods based on ubiquity or suitability to ENISA’s core needs to adequately address future cybersecurity threats and shape a more secure society. In fact, foresight enables reflection on…
Following the 2020 NIS Investment publication, this report covers all 27 EU Member States and offering additional insights into the allocation of NIS budgets of OES/DSP, the economic impact of cybersecurity incidents and the organisation of…
An attack directed at a critical infrastructure, such as a hospital, can lead to physical damages and put the lives of patients at risk. Therefore, there is a need for solid Incident Response Capabilities (IRC) in the health sector, in particular…
This is the ninth edition of the ENISA Threat Landscape (ETL) report, an annual report that identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes relevant mitigation…
The methodology for sectoral cybersecurity assessments described in this document (called SCSA Methodology) addresses objectives in the context of ICT security for sectoral multi-stakeholder systems and drafting sectoral cybersecurity…
This report aims at mapping and studying the supply chain attacks that were discovered from January 2020 to early July 2021. Based on the trends and patterns observed, supply chain attacks increased in number and sophistication in the year 2020…
Article 19 of the eIDAS regulation sets out the security requirements for the trust service providers (TSPs) and introduces mandatory security breach reporting for trust service providers (TSPs) in the EU. This report provides an aggregated…
Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package: Article 13a of the Framework Directive (2009/140/EC) came into force in 2011. The European Electronic Communications…
European Union telecom security legislation has been changing over the last few years. In light of these policy changes, ENISA carried out an assessment of the implementation of EU telecom security policy, to inform policy makers in the…
Stay updated with ENISA! Sign up for email alerts on publications, events, vacancies, and more.
