Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

ENISA Threat Landscape (ETL) report is an annual report on the status of the cybersecurity threat landscape that identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Recommendations on European Data Protection Certification

The objective of this report is to identify and analyse challenges and opportunities of data protection certification mechanisms, including seals and marks, as introduced by the GDPR, focusing also on existing initiatives and voluntary schemes.
National / EU authorities

Considerations on ICT security certification in EU - Survey Report

Over the last years, ENISA has engaged in a number of activities in pursuit of supporting the Commission and the Member States in identifying a way forward on the certification of ICT security products and services, which on the one hand seeks to…
National / EU authorities

Cyber Europe 2016: After Action Report

Cyber Europe 2016 was the fourth pan-European cyber crisis exercise organised by the European Union Agency for Network and Information Security (ENISA). Over 1 000 participants working mostly in the ICT sector, from public and private organisations…
National / EU authorities
annual incident reports 2016

Annual Incident Reports 2016

For the sixth year, ENISA publishes the annual report about significant outage incidents in the European electronic communications sector, which are reported to ENISA and the European Commission under Article 13a of the Framework Directive (2009/…

National / EU authorities

Recommendations on aligning research programme with policy

The scope of this report is to review existing analysis reports on EU funded Trust and Security Projects, summarize achievements that have significantly promoted specific pillars of NIS, identify and summarize specific outcomes that can promote and…
National / EU authorities

Gaps in NIS standardisation - Recommendations for improving NIS in EU standardisation policy

This report recommends that the European Commission, with the support of the Member States, pursuant to the NIS Directive, adopt a standards based framework for the exchange of threat and defensive measure information that impacts the functioning of…
National / EU authorities

Article 19 Incident reporting

The focus of this document is the implementation of incident reporting and it aims at supporting the su-pervisory bodies in being aligned with obligations set out in Article 19. The Article 19 incident reporting framework has been prepared in…
National / EU authorities
enisa threat landscape report 2016

ENISA Threat Landscape Report 2016

The ENISA Threat Landscape 2016 - the summary of the most prevalent cyber-threats – is sobering: everybody is exposed to cyber-threats, with the main motive being monetization. The year 2016 is thus characterized by “the efficiency of cyber-crime…
National / EU authoritiesPrivate Sector

Challenges of security certification in emerging ICT environments

This report aims to provide decision makers with a thorough description of the security certification status concerning the most impactful equipment in five different critical business sectors. Results of this study should help to improve and…
National / EU authorities

A good practice guide of using taxonomies in incident prevention and detection

The aim of this document is to provide good practices on using taxonomies for incident detection and prevention by taking into account the input received from the CSIRT community and relevant information from previous ENISA studies. In addition, it…
National / EU authoritiesPrivate Sector