Publications

Featured publications

ENISA NIS360

This edition of the ENISA NIS360 report is the third to assess the cybersecurity maturity and criticality of all sectors of high criticality as identified under Annex I of the NIS2 directive. The assessment covers the entire ecosystem of a sector…

NIS Investments 2025

The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy translates in practice across organisations in the EU and its effects on their investments, resources, and operations.

NIS2 Technical Implementation Guidance

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The cybersecurity requirements for…

All publications

Publish Date

SME CRA Survey Report

ENISA is is working on practical guidance, tools and support activities tailored to the realities and needs of smaller organisations, to help small and medium-sized enterprises (SMEs) understand and implement the Cyber Resilience Act (CRA). This…

SBOM Adoption State of Play - 2026

ENISA launched a survey at the end of 2025 to gather factual data on how organisations across industries and of varying sizes are approaching Software Bill of Materials (SBOM) adoption in response to the EU Cyber Resilience Act (CRA). This report…

ENISA Technical Advisory for Secure Use of Package Managers

This document focuses on how developers can securely use package managers as part of their software development life cycle. In particular, this document, outlines common risks involved in the use of third-party packages, presents secure practices…

Voices of EU Cybersecurity Certification

A special publication by ENISA that incorporates feedback from stakeholders involved in building, maintaining, operating, and applying the first EU cybersecurity certification schemes.

NIS Investments 2025

The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy translates in practice across organisations in the EU and its effects on their investments, resources, and operations.

ENISA Sectorial Threat Landscape - Public Administration

This ENISA sectorial threat landscape report provides an overview of the cyber threats faced by the public administration sector in the EU in 2024. Drawing on open-source information, the report highlights the key threats that impacted the sector…

ENISA Threat Landscape 2025

Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025. At its core, this report provides an…

Cyber Hygiene in the Health Sector

This booklet, developed by ENISA, provides clear and targeted guidance with practical steps that health entities can take to:
-  Safeguard sensitive data
- Minimise exposure to common cyber threats-
- Strengthen overall cyber…

ENISA Cybersecurity Threat Landscape Methodology

This publication outlines the updated ENISA Cybersecurity Threat Landscape (CTL) methodology, building on the 2021 Threat Landscape Report and the 2022 methodology. It aims to provide a more actionable and streamlined approach for producing…

Cybersecurity roles and skills for NIS2 Essential and Important Entities

 ENISA in line with articles 6 and 10 of the Cybersecurity Act , prepared this guidance document on the skills and roles for the cybersecurity professionals needed to meet these legal requirements effectively. The guidance is based on the…