Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date
Best_Practices_for_Cyber_Crisis_Management.png

Best Practices for Cyber Crisis Management

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

National / EU authorities

Cyber Insurance - Models and methods and the use of AI

The main objective of this report is to introduce cyber risk and cyber insurance, provide an overview of existing research and modelling approaches, and identify gaps for upcoming research projects.
Private Sector

Cybersecurity and privacy in AI - Forecasting demand on electricity grids

This report allows better assessment of the reality that artificial intelligence brings its own set of threats, which consequently insists on the search for new security measures to counter them. Finally, it should be noted that this guide strongly…
Private Sector

Cybersecurity and privacy in AI - Medical imaging diagnosis

This report allows better assessment of the reality that artificial intelligence brings its own set of threats, which consequently insists on the search for new security measures to counter them. Finally, it should be noted that this guide strongly…
Private Sector

Artificial Intelligence and Cybersecurity Research

The aim of this study is to identify needs for research on AI for cybersecurity and on securing AI, as part of ENISA’s work in fulfilling its mandate under Article 11 of the Cybersecurity Act . This report is one of the outputs of this task. In it…
Private Sector

Multilayer Framework for Good Cybersecurity Practices for AI

In this report, we present a scalable framework to guide NCAs and AI stakeholders on the steps they need to follow to secure their AI systems, operations and processes by using existing knowledge and best practices and identifying missing elements.…
Private Sector

Cybersecurity Support Action

The ENISA Cybersecurity Support Action provides ex-post and ex-ante services and assistance to Member States' NIS2 Directive entities.
National / EU authorities

Cybersecurity of AI and Standardisation

The overall objective of the present document is to provide an overview of standards (existing, being drafted, under consideration and planned) related to the cybersecurity of artificial intelligence (AI), assess their coverage and identify gaps in…
National / EU authoritiesPrivate Sector

Developing National Vulnerabilities Programmes

Based on the experiences and perspectives gathered from industry players and national governments, as well as on the documentation developed by multiple actors involved with national vulnerability initiatives and programmes, the EU Coordinated…
National / EU authoritiesPrivate Sector
sustained activity by specific threat actors joint publication

Sustained Activity by Threat Actors- Joint Publication

ENISA, the EU Agency for Cybersecurity, and CERT-EU, the Computer Emergency Response Team of all the EU institutions, bodies and agencies (EUIBAs), have issued a joint publication to alert on sustained activity by particular threat actors. Malicious…
National / EU authorities