Press Release

Good practices under the National Cyber Security Strategies

We promote member states innovation in cybersecurity through national cybersecurity strategies.

Published on January 29, 2020

Innovation in cybersecurity is a key enabler to facilitate progress in the NIS industry, boost employment in the cybersecurity sector and growth of EU GDP. Today, ENISA publishes the Good Practices in Innovation under NCSS Report that analyses the current landscape for supporting innovation in cybersecurity in the EU. ENISA’s study presents good practices and challenges from the Member States whilst trying to execute innovation as a strategic priority of their National Cyber Security Strategies (NCCS).

The report focuses on:

  • Understanding the current landscape and mechanisms for supporting innovation in cybersecurity in the EU;
  • Understanding the financial supporting mechanism in each Member State from the public sector (R&D funds) and how research results can end up as products on the market;
  • Sharing good practices;
  • Proposing recommendations to relevant stakeholders to foster the growth of innovation in cybersecurity in the EU.

The analysis of the report is structured around several aspects of innovation such as:

Innovation Priorities, Industrialisation and Collaboration and Market and Policy. The study identifies a set of challenges and good practices, as stakeholders perceive them, across the different innovation aspects. The identification of these challenges may help in recognising relevant actions for addressing them and also in drafting future innovation strategic objectives.

Juhan Lepassaar, Executive Director of ENISA: “The CSA, the NIS Directive and the GDPR incentivised innovation in relevant areas of cybersecurity and data protection. To encounter current and emerging cybersecurity risks and threats, EU Member States need to strengthen and adjust their national capabilities by developing innovative solutions and objectives under their NCSS.''

Key findings and recommendations

The main key findings and recommendation of the study include:

  • Member States follow different approaches to support innovation in the context of National Cyber Security Strategies. In some cases, Member States promote the creation of new skills and capabilities around digital competences such as InCoDe2030 programme in Portugal. In other cases, they create networks of stakeholders giving them a mandate on innovation. These networks are either government driven, such as INCIBE, the National Cybersecurity Agency in Spain or industry driven, such as Cyber Ireland. Innovation activities are also driven by national institutions and research centres such as NASK Poland.
  • There is difficulty for governments to understand the needs of the industry, as well as to develop expertise in dealing with Public Private Partnerships. To align with industry needs and identify opportunities for adopting or commercialising research outcomes, Member States need to involve industry directly in research and innovation activities. ENISA has developed a study on “Effective Collaborative Models on PPPs” with guidelines and recommendations for the development of PPPs in Europe.
  • Dedicated funding mechanisms and initiatives often focus on varied research and innovative objectives rather than being specific on cybersecurity.  Supporting and developing sector specific innovation priorities is important for coordinating alternative funding mechanisms and develop a sectorial approach to innovation in cybersecurity. It is necessary to take into account different cybersecurity needs across sectors and develop sector specific innovation priorities both at National and EU level. A good example is CyberSecIdent in Poland the aims at increasing the security of cyberspace of the Republic of Poland.
  • Lengthy procurement processes prevent SMEs and innovative companies such as start-ups to offer their services to the public sectors. Supporting adequate level of funding and providing economic incentives such as tax incentives may accelerate the adoption of new technologies, products and services. The Swedish Innovation Agency allocates a large amount of funds for innovation in cybersecurity.
  • Geographical clusters are important mechanisms that support innovation. There are several initiative that bring people together, such as the Brussels initiative on Cybersecurity Innovation.
  • Promoting EU level certification of services/products would enhance trust for users within the EU and provide a stamp of approval for international markets.


ENISA’s work on NCSS:

ENISA has developed the NCSS Interactive map to note the progress of Member States in implementing their national cybersecurity strategies. The interactive map is an info hub with information provided by the MS.

ENISA is working on the topic of National Cyber Security Strategies since 2012 and support the efforts of Member States MS by:

Further Informations:

Good Practices in Innovation under NCSS Report

NCSS Interactive map

For Interviews:

For further queries or interviews, please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information