Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

ENISA’s PETs Maturity Assessment Repository

The present report aims at detailing the outcomes of the project that aimed to promote the ENISA’s PETs repository (and underlying PETs maturity assessment methodology) by 1) Engaging the privacy community into its use, and 2) Providing a plan for…
Private Sector

ICT security certification opportunities in the healthcare sector

The scope of this report covers functional requirements for a potential ICT security certification scheme for a widely understood healthcare sector.
Private Sector
enisa threat landscape report 2018

ENISA Threat Landscape Report 2018

2018 was a year that has brought significant changes in the cyberthreat landscape. Those changes had as source discrete developments in motives and tactics of the most important threat agent groups, namely cyber-criminals and state-sponsored actors
National / EU authoritiesPrivate Sector

Recommendations on shaping technology according to GDPR provisions - An overview on data pseudonymisation

The scope of this report is to explore the concept of pseudonymisation alongside different pseusonymisation techniques and their possible implementation. The report is part of ENISA's work in the area of privacy and data protection, which focuses on…
Private Sector

Recommendations on shaping technology according to GDPR provisions - Exploring the notion of data protection by default

This report aims to shed some light on what the data-protection-by-default principle means in information technology design, what is the situation today, as well as how the new GDPR obligation could support controllers in selecting data-protection-…
Private Sector

Reinforcing trust and security in the area of electronic communications and online services

This study provides an overview of well-established security practices, for the purpose of sketching the notion of “state-of-the-art” in a number of categories of measures, as they are listed in ENISA’s guidelines for SMEs on the security of…
Private Sector

Good practices on the implementation of regulatory technical standards

MS approaches on PSD 2 implementation: commonalities in risk management and incident reporting - The main objective of this study is to identify the differences introduced by Member States in the implementation of the PSD2. In particular, the aim is…
Private Sector

IoT Security Standards Gap Analysis

This study analyses the gaps and provides guidelines for, in particular, the development or repositioning of standards, facilitating the adoption of standards and governance of EU standardisation in the area of NIS.
Private Sector

Towards global acceptance of eIDAS audits

The goal of the study is to explore the eIDAS Conformity Assessment Report (CAR), the corresponding audit requirements, gaps arising from comparison with competing audit schemes, and the emergent issues at the core of the global conversation between…
Private Sector
technical reports on cybersecurity situation the state of cyber security vulnerabilities

State of Vulnerabilities 2018/2019 - Analysis of Events in the life of Vulnerabilities

The purpose of this report is to provide an insight on both the opportunities and limitations the vulnerability ecosystem offers. By using the vulnerabilities published during the year of 2018 and Q1-Q2 of 2019 as a vehicle, this report goes beyond…
National / EU authoritiesPrivate Sector