News Item

Spotlight on incident reporting of telecom security and trust services

The European Agency for Cybersecurity releases today a new visual tool to increase transparency about cybersecurity incidents.

Published on June 09, 2020

Today ENISA, the EU Agency for Cybersecurity, releases a new version of CIRAS, a tool for statistical analysis of cybersecurity incidents. Two new sets of EU data on cybersecurity incident were made available:

  • Telecom security incidents reported for the year 2019
  • Trust services security incidents for 2016-2019.

The online visual tool, accessible to the public, now gives access to 8 years of telecom security incidents, and 4 years of trust services incident reports: a total of 1100 cybersecurity incidents. The new visual tool allows for analysis of multiannual trends. 

Mandatory cybersecurity incident reporting is a corner stone of cybersecurity legislation in the EU. Cybersecurity incident reporting gives the national authorities in Europe vital information about the root causes and overall impact of major incidents. Every year national authorities send summaries of these major cybersecurity incidents to ENISA for aggregation and analysis at EU level. ENISA publishes statistics in yearly reports and gives access to aggregated and anonymised data in the online visual tool, to increase transparency about cybersecurity incidents. This online visual tool allows for custom analysis of trends and patterns. For example, the user is able to select a specific time-period or specific root cause categories and get custom statistics about detailed causes and assets affected. ENISA also maintains a private repository for the national authorities.

You can access the tool via the following link:

ciras logo

Cybersecurity Incident Report and Analysis System

Background and legal base:

ENISA has been supporting the EU telecom security authorities with the implementation of EU wide telecom breach reporting, under Article 13a of the Framework directive since 2010.

Under this framework, ENISA develops procedures, templates, tooling and analysis and publishes an annual report with aggregated statistics about the telecom security incidents with significant impact since 2012.

ENISA has been supporting supervisory bodies in the EU with cybersecurity breach reporting for trust services under Article 19 of the eIDAS regulation since 2016. Besides, ENISA also started to support the NIS cooperation group with the cybersecurity incident reporting along the provisions of the NIS Directive.

ENISA will be publishing the detailed annual reports in the coming weeks. The following two trends are highlighted:

Root causes of telecom security incidents

Over the last 4 years, the most common root cause of telecom security incidents is system failures (412 out of 637 incidents). The second most common root cause is human errors with nearly a fifth of total incidents (19%, 119 incidents in total). Natural phenomena are the third root cause with 11% while only 4% of the incidents are categorized as malicious actions. ciras 1

Root cause categories of trust services security incidents

Over the 4 years of trust services security incident reporting, the most common root cause is System failures (60%). Around a fifth of the reported incidents were due to human errors and a fifth of the incidents were flagged as malicious actions. Natural phenomena are not a common root cause in this sector. This sector operates differently than the telecom one. With large-scale aboveground infrastructure for the mobile networks, the telecom sector is more vulnerable to natural phenomena.ciras 2

Further Information

For more information on ENISA’s work on incident reporting and security regulation (Article 13a and Article 19), please visit our dedicated website's topic Incident Reporting.

For press questions and interviews, please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies