News Item

Going to the market for Cybersecurity Market Analysis

The European Union Agency for Cybersecurity (ENISA) organised its first conference on cybersecurity market analysis last week for EU cybersecurity market stakeholders to share experiences and initiate the debate on how to best perform EU cybersecurity market analysis.

Published on December 01, 2022

The objective of the market conference held in Brussels on 23-24 November during the Certification week organised by ENISA, was to promote a policy debate in the area of cybersecurity market analysis. It allowed stakeholders to share their experiences and views on aspects of cybersecurity and what they perceive to be the EU market thereof.

Focusing primarily on cloud services, suppliers and users of cybersecurity services, national and European regulators, and research organisations shared the main cybersecurity market trends. They also addressed the questions raised by the evolution of the European cybersecurity regulatory framework and the impact it is likely to have on their affairs and businesses. Such feedback is essential to identify current gaps in the market, seize business opportunities and assess the impact of the cybersecurity requirements.

Lorena Boix Alonso is Director for Digital Society, Trust and Cybersecurity inat the European Commission’s Directorate General for Communications Networks Content and Technology (DG CONNECT), stated: "The EU Cybersecurity sector grows fast to match increased digitisation and cyber threats. The European Cyber Competence Center and the EU Agency for Cybersecurity-ENISA are instrumental to increase the EU cyber posture, respectively contributing to strategic investments on cyber capabilities and operational guidance on cyber resilience. We already have a strong research basis on cyber in the EU, but lag behind on turn that research into market impact. We also suffer from a shortage of skilled cyber workers, which is why the Commission will work with others to build a European Cybersecurity Skills Academy."

ENISA Executive Director, Juhan Lepassaar said: "We need to make sure our cybersecurity market is fit for our purpose to make the EU cyber resilient. The market analysis framework developed by ENISA will help identify potential loopholes and map synergies at work. With the right tools and insights from the experience of all our stakeholders across the EU Member States, cybersecurity market analysis will allow us to better understand where to apply our efforts to improve our efficiency."


During the event, speakers and participants engaged in a lively discussion concerning a host of cybersecurity market aspects. Key conclusions include the following:

  • Cybersecurity market analysis should adopt methodologies, that are designed to capture sectoral specificities.
  • The Cybersecurity Resilience Act is a ground-breaking piece of draft legislation, which enhances transparency in the cybersecurity market. At the same time, it is important to ensure alignment with other pieces of legislation to seamlessly cover the spectrum that includes, internal market, cybersecurity and resilience policies.
  • It is necessary to close the skills gap in order to improve and hopefully unleash the full potential of the EU cybersecurity market.
  • The level of investment in cloud security infrastructure in the European cybersecurity market lags the efforts across other regions (e.g. US).
  • Governments should hold an inventory of the service providers operating in the EU market that make available cybersecurity services when needed (e.g. state-sponsored attacks).
  • Cybersecurity certification schemes need to remain proportionate to the investment potential of SMEs.


The conference that mobilised about 35 speakers, was organised across a range of discussion panels covering the following 6 key topics:

  1. Overview of the EU regulatory approach on cybersecurity;
  2. EU digital single market: cybersecurity requirements;
  3. Current Practices in Market Analysis and interplay with cybersecurity;
  4. Cybersecurity market: cooperation, innovation and investment strategies;
  5. Strengths, weaknesses, opportunities and threats for the EU cloud cybersecurity market;
  6. Cybersecurity certification – driver for the EU cybersecurity market.

A sound market analysis can help market players and regulators make informed decisions on cybersecurity devices or services to use, policy initiatives and research and innovation funding.

For this purpose, ENISA developed a framework to carry out cybersecurity market analysis and it applied it already to the market of the Internet of Things (IoT) distribution grid. The focus shifted to cloud services in 2022.

A dedicated Ad Hoc Working Group (AHWG) on the EU Cybersecurity Market has been of assistance to ENISA.

Target audience

  • EU institutions, bodies and Agencies;
  • Member States/public authorities;
  • ENISA stakeholder groups;
  • Service providers;
  • Independent experts;
  • Industry and industry associations;
  • Research institutions and research related entities;
  • Consumer organisations/associations.

Further information

Cybersecurity Market Analysis Framework – ENISA report 2022

EU Cybersecurity Market Analysis – IoT in Distribution Grids – ENISA report 2022


For press questions and interviews, please contact press (at)

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies