Publications

Featured publications

ENISA Threat Landscape 2025

Download

Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025. At its core, this report provides an…

NIS Investments 2025

Download

The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy
translates in practice across organisations in the EU and its effects on their investments, resources, and operations.…

NIS2 Technical Implementation Guidance

Download

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…

All publications

By topics

By type

Publish Date

7 Steps to shore up the Border Gateway Protocol (BGP)

In this paper ENISA highlights the security vulnerabilities of BGP and explains why it is so important to address them. Working closely with experts from industry ENISA derived a shortlist of 7 basic BGP security measures which are industry good…
Private Sector

Challenges and opportunities for EU cybersecurity start-ups

Based on extensive analysis of the identified challenges and opportunities, as well as on feedback collected from a panel of experts, this report proposes a set of recommendations to start-ups and SMEs active in the NIS market.
Private Sector

ENISA CSIRT maturity assessment model

This is the updated version of the "Challenges for National CSIRTs in Europe in 2016: Study on CSIRT Maturity" published by ENISA in 2017. The study takes all relevant information sources into account, with a special emphasis on the NIS Directive,…
National / EU authoritiesPrivate Sector

Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity

The present report is concerned with human aspects of cybersecurity including not only psychology and sociology, but also ethnography, anthropology, human biology, behavioural economics and any other subject that takes humans as its main focal point…
Private Sector

Cybersecurity Culture Guidelines: 'Technical Annex: Evidence Reviews'

This technical annex contains the four reviews that supported the writing of the report Review of “Behavioural Sciences Research in the Field of Cybersecurity”. The reviews are: 1. Measurement of cyber security attitudes and behaviours, 2.…
Private Sector

ENISA Maturity Evaluation Methodology for CSIRTs

This is the updated version of the "Study on CSIRT Maturity – Evaluation Process" published by ENISA in 2017. The new version (v.2) reflects values that are consistent with other documents and studies on CSIRT maturity.
National / EU authoritiesPrivate Sector

Towards a framework for policy development in cybersecurity - Security and privacy considerations in autonomous agents

One of the key aspects in autonomous systems is the data collected, mainly for supporting the demanding functionality in a qualitative and timely manner. The current study highlights a number of relevant security and privacy considerations, such as…
Private Sector

European Cybersecurity Month 2018 - Deployment Report

This report summarises the activities carried out by ENISA and the participating Member States for the European Cybersecurity Month 2018 and presents the evaluation and conclusions of the campaign. The ECSM campaign was successfully executed across…
Private Sector

ICT security certification opportunities in the healthcare sector

The scope of this report covers functional requirements for a potential ICT security certification scheme for a widely understood healthcare sector.
Private Sector

ENISA’s PETs Maturity Assessment Repository

The present report aims at detailing the outcomes of the project that aimed to promote the ENISA’s PETs repository (and underlying PETs maturity assessment methodology) by 1) Engaging the privacy community into its use, and 2) Providing a plan for…
Private Sector