ENISA is launching this call for expression of interest in taking part in the ENISA survey on Managed Security Services (MSS). The deadline to express interest in participating in this survey is 25 October 2024.
The ENISA survey on MSS is expected to be launched during the first week of October and to remain open for around one month.
The survey will focus on the MSS market, including MSS adoption and use, MSS needs and capabilities, MSS offerings, to MSS-related threats, requirements and challenges, regulatory practices for MSS, MSS-related research, and regulatory practices for MSS. For the performance of the MSS survey, ENISA has contracted the Bocconi University - Università Commerciale Luigi Bocconi.
The MSS survey will target namely the following stakeholder types:
- demand-side (i.e., users of MSS, both from the public and private sector);
- supply-side (i.e., providers of MSS);
- researchers (i.e., members of organisations conducting research on MSS); and
- bodies involved in regulatory activities (i.e., competent national regulatory bodies active in the regulatory activities in MSS).
The data collected by the ENISA survey on MSS will be used:
- to compile the ENISA report on MSS market analysis, to be performed by applying the ENISA Cybersecurity Market Analysis Framework (ECSMAF) Version 2.0 (V2.0), and that is expected to be made available on the ENISA website
- to assess standardisation and certification needs in the area of MSS and serve as input in the CSA amendment, in particular regarding prospective certification activities
- to map the services needed by the users of the EU Cybersecurity Reserve foreseen in the Cyber Solidarity Act to be adopted this year.
The data collected and stored through the ENISA survey on MSS are not personal data according to GDPR. Similarly, the access to the survey tool used, is performed anonymously via a single URL for all survey participants (for more details see the privacy statement here).
The above mentioned target groups may benefit from contributing to the ENISA survey:
Demand-side organisations and regulatory bodies:
- The produced ENISA MSS market analysis will deliver information on common MSS user requirements, threat exposure, perceived market barriers and common models of MSS usage and more.
- The communicated certification requirements will serve as input in the CSA amendment regarding prospective ENISA certification activities.
- The communicated MSS requirements from EU Member States and public sector will serve as input for the services needed for the Cyber Solidarity Act to be adopted this year.
Supply-side organisations:
- The produced ENISA MSS market analysis will be useful for understanding demand requirements, perceived threat exposure, trends in models of MSS usage, and more.
- Communicated certifications already attested in MSS offerings will serve as input into the CSA amendment, in particular regarding prospective certification activities
- The data collected on MSS offerings of participating vendors will serve as input into the Cybersecurity Reserve, that is foreseen within the Cyber Solidarity Act to be adopted this year.
Research organisations:
- The produced ENISA MSS market analysis will be useful for understanding supply and demand requirements, perceived threat exposure, market trends and trends in models of MSS usage, market barriers, as well as innovation and research needs.
The compilation of the survey is expected to take
- for the demand-side and supply-side respondents around one to one and a half hours;
- for research stakeholders and regulatory bodies around half to one hour.
ENISA offers the possibility of assistance to fill the survey. This assistance will be provided by a team of external experts who will be in the position to guide survey respondents through the survey and help them filling it in.
Survey respondents are expected to have a good overview of the cybersecurity policy of their organisation and be familiar with details of their services, as well as be able to provide basic financial figures of their organisation. Indicative examples of organisational roles for the different stakeholder types are:
- Demand-side: IT-security architects, cybersecurity engineers, IT operators;
- Supply-side: product or service architects, cybersecurity engineers, product or service developers;
- Research organisations: researchers conducting research in the area of MSS;
- Regulatory bodies: regulator staff responsible for MSS
You can express your interest in taking part in the survey and providing your valuable input to the ENISA cybersecurity market analysis focused on MSS by filling in the following form. Once you have registered for the survey, ENISA is going to send you a URL to the survey page. You can indicate in the form below whether an assistance is required. If you indicate that you would like to have support, the survey assistant will contact you to arrange for an appointment.