What we do

Cybersecurity is a shared responsibility. Europe strives for a cross sectoral, all-inclusive framework for cooperation. ENISA plays a vital role in fostering cooperation among cybersecurity stakeholders (Member States, Union entities and other communities). In these efforts, ENISA emphasises complementarity, engages stakeholders based on their expertise and role in the ecosystem and creates new synergies. The goal is to empower communities to enhance cybersecurity efforts exponentially through strong multipliers across the EU and globally.

New technologies, whether still in their infancy or close to mainstream adoption, create novel cybersecurity opportunities and challenges that would benefit from the use of foresight methods. Strategic foresight is not only about technologies but should include additional dimensions, such as political, economic, societal, legal and environmental aspects to name a few. Through a structured process enabling dialogue among stakeholders and in coordination with other EU initiatives on research and innovation, foresight would be able to identify the opportunities and support early strategies to mitigate the challenges in improving EU resilience to cybersecurity threats. To fully reach its goal, foresight should be addressed as a transversal principle across all ENISA’s strategic objectives.   

Efficient and effective but also consolidated information and knowledge is the foundation of informed decision-making, as well as proactive and reactive protection and resilience through better understanding of the threat landscape. The much-needed common understanding and assessment of EU’s cybersecurity maturity relies on information and knowledge. Consolidating and sharing cybersecurity information and knowledge strengthens the culture of cooperation and collaboration between communities and strengthens networks and partnerships. 

Cybersecurity is a cornerstone of digital transformation and is a requirement in the most critical sectors of the EU’s economy and society. It is also considered across a broad range of policy initiatives. To avoid fragmentation and inefficiencies, it is necessary to develop a coherent approach, while taking into account the specificities of the various sectors and policy domains. ENISA’s advice, opinions and analyses aim at ensuring consistent, evidence-based and future-proof implementation, focussed on building up cyber resilience in critical sectors and supporting EU Member States in tackling new risks to the Union. 

The benefits of the European digital economy and society can only be fully attained under the premise of cybersecurity. Cyberattacks know no borders. All layers of society can be impacted and the Union needs to be ready to respond to cyber threats incidents and potential cyber crises. Cross-border interdependencies have highlighted the need for effective cooperation between Member States and Union entities for faster response and proper coordination of efforts at the strategic, operational and technical levels. Understanding the ongoing situation is key to being effectively prepared and to be able to respond to cyber incidents, threats and crises.

The frequency and sophistication of cyberattacks is rising steadily, while at the same time the use of digital infrastructures and technologies is increasing rapidly. The need for cybersecurity skills, knowledge and competences exceeds the supply. The EU is investing in building competences and talents in cybersecurity at all levels, from the non-expert to the highly skilled professional and across all sectors and age groups. ENISA addresses capacity building across the spectrum. It starts by investing in youth through competence building and training, whilst providing continuous upskilling and reskilling opportunities to professionals, to keep up with the fast-changing nature of cybersecurity. The focus is not only on increasing cybersecurity skill sets in Member States and contributing to the objectives of the Cybersecurity Skills Academy, but also on making sure that the various operational communities always possess the appropriate capacity to deal with the cyber threat landscape. Engaging closely with key players and multipliers in the EU is crucial to ensuring adequate preparedness across sectors and borders, effectively using the lessons learned from well-planned exercises.

Digital products and services bring benefits as well as risks, and these risks must be identified and mitigated. In the process of assessing the security of Information and Communication Technologies (ICT) products, services and processes and ensuring their trustworthiness, a common European approach covering societal, market, research and foresight, economic and cybersecurity needs is required, along with the possibility of influencing the international community by introducing a competitive edge. Using means such as cybersecurity-by-design, market surveillance and certification will allow us to both enforce and promote trust in digital solutions.