Publications

Featured publications

ENISA NIS360

This edition of the ENISA NIS360 report is the third to assess the cybersecurity maturity and criticality of all sectors of high criticality as identified under Annex I of the NIS2 directive. The assessment covers the entire ecosystem of a sector…

NIS Investments 2025

The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy translates in practice across organisations in the EU and its effects on their investments, resources, and operations.

NIS2 Technical Implementation Guidance

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The cybersecurity requirements for…

All publications

Publish Date

ENISA Threat Landscape 2020 - Ransomware

The report outlines the findings on ransomware, provides a description and analysis of the domain and lists relevant recent incidents. A series of proposed actions for mitigation is provided

ENISA Threat Landscape 2020 - Spam

The report details the different spamming techniques and provides a series of actions for mitigating spam messages.

ENISA Threat Landscape 2020 - Sectoral/thematic threat analysis

Apart from indicating adversaries’ motivations, the report provides evidence about the most common attack techniques and threat exposure applying to a particular sector, thus indicate protection requirements and priorities.

ENISA Threat Landscape 2020 - Malware

The report provides an overview and findings of malware, identifies trends and proposes actions for malware mitigation.

ENISA Threat Landscape 2020 - Phishing

The report outlines the findings related to phishing, provides an overview of the trends in this domain and details the top phishing themes in 2019. A series of proposed actions for mitigation is provided

ENISA Threat Landscape 2020 - Information Leakage

The report outlines the findings on information leakage, provides a description and analysis of the domain and lists relevant recent incidents. A series of proposed actions for mitigation is provided

Telecom Services Security Incidents 2019 Annual Analysis Report

Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package, Article 13a of the Framework directive (2009/140/EC) came into force in 2011. The incident reporting in Article 13a…

Trust Services Security Incidents 2019 Annual Analysis Report

This report gives an aggregated overview of Trust Services Security Incidents in 2019, showing root causes, statistics and trends. It marks the fourth round of security incident reporting for the EU’s trust services sector. The annual summary…

Cybersecurity Certification: Candidate EUCC Scheme

Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor…