Publications

Featured publications

ENISA Threat Landscape 2025

Download

Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025. At its core, this report provides an…

NIS Investments 2025

Download

The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy
translates in practice across organisations in the EU and its effects on their investments, resources, and operations.…

NIS2 Technical Implementation Guidance

Download

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…

All publications

By topics

By type

Publish Date

A Governance Framework for National Cybersecurity Strategies

This study focuses on the good practices around the set-up and deployment of a governance framework to support the implementation of the NCSS in the EU. The main aim of this statistical outline is to give an overview of the key findings of the…

National / EU authorities

Demand Side of Cyber Insurance in the EU

The report analyses current perspectives and challenges of Operator of Essential Services (OESs) related to the acquirement of cyber insurance services. Information and statistics are presented according to the selection, acquisition and use of…
National / EU authoritiesPrivate Sector

Interoperable EU Risk Management Toolbox

This document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information security RM methods. The toolbox aims to facilitate the smooth integration of various RM methods in an…

National / EU authoritiesPrivate Sector

ENISA Single Programming Document 2023-2025

Including multiannual planning, work programme 2023 and multiannual staff planning.

Developing National Vulnerabilities Programmes

Based on the experiences and perspectives gathered from industry players and national governments, as well as on the documentation developed by multiple actors involved with national vulnerability initiatives and programmes, the EU Coordinated…
National / EU authoritiesPrivate Sector
sustained activity by specific threat actors joint publication

Sustained Activity by Threat Actors- Joint Publication

ENISA, the EU Agency for Cybersecurity, and CERT-EU, the Computer Emergency Response Team of all the EU institutions, bodies and agencies (EUIBAs), have issued a joint publication to alert on sustained activity by particular threat actors. Malicious…
National / EU authorities

Engineering Personal Data Sharing

This report attempts to look closer at specific use cases relating to personal data sharing, primarily in the health sector, and discusses how specific technologies and considerations of implementation can support the meeting of specific data…
Private Sector

Interoperable EU Risk Management Framework

This report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents related results. The methodology used to evaluate interoperability stemmed from extensive research of…
National / EU authoritiesPrivate Sector

Cybersecurity Education Initiatives in the EU Member States

Today, the internet is a tool used in many educational activities, which increases the amount of time children are exposed to cyberspace and its risks. Informing young users about the importance of maintaining personal privacy is not enough to keep…
National / EU authoritiesPrivate Sector

Cyber Europe 2022: After Action Report

Findings from a PAN-EUROPEAN cyber crisis Exercise
National / EU authorities