Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date
Public_Consultation_on_Specifications_for_EUICC_Certification.png

Public Consultation on Specifications for EUICC Certification under the EUCC scheme

ENISA has published specifications for the evaluation and certification of embedded Universal Integrated Circuit Cards (eUICCs) under the European Common Criteria-based cybersecurity certification scheme (EUCC). Recognising the potential role of…

National / EU authoritiesPrivate Sector
Best_Practices_for_Cyber_Crisis_Management.png

Best Practices for Cyber Crisis Management

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

National / EU authorities

Market of Cybersecurity Assessments

This Report aims at presenting the current state of play of cybersecurity assessments of ICT products and cloud services. In order to study the dynamic of the related market, the report focuses on the evolution of the number of assessed ICT…
National / EU authorities

Cybersecurity Support Action

The ENISA Cybersecurity Support Action provides ex-post and ex-ante services and assistance to Member States' NIS2 Directive entities.
National / EU authorities
sustained activity by specific threat actors joint publication

Sustained Activity by Threat Actors- Joint Publication

ENISA, the EU Agency for Cybersecurity, and CERT-EU, the Computer Emergency Response Team of all the EU institutions, bodies and agencies (EUIBAs), have issued a joint publication to alert on sustained activity by particular threat actors. Malicious…
National / EU authorities

Aspects of Cooperation between CSIRTs and LE - Handbook 2021

This training material is an updated version of the training material Aspects of Cooperation between CSIRT and LE - Handbook, Document for trainers3, that was developed based particularly on the ENISA 2020 Report on CSIRT-LE Cooperation.
National / EU authorities

Aspects of Cooperation between CSIRTs and LE - Toolset 2021

This training material is an updated version of the ENISA training material Aspects of Cooperation between CSIRT and LE - Toolset, Document for trainees3, that was developed based particularly on the ENISA 2020 Report on CSIRT-LE Cooperation.
National / EU authorities

2021 Report on CSIRT-Law Enforcement Cooperation

The purpose of this report is to further explore and support the cooperation between computer security incident response teams (CSIRTs), in particular national and governmental CSIRTs, and Law enforcement agencies (LEAs) and their interactions with…
National / EU authorities

ENISA CSIRT Maturity Framework - Updated and improved

This document presents the updated and improved version of ENISA’s Computer Security Incident Response Teams (CSIRT) Maturity Framework that is intended to contribute to the enhancement of the capacity to manage cyber incidents, with a focus on…
National / EU authorities

CSIRT Capabilities in Healthcare Sector

An attack directed at a critical infrastructure, such as a hospital, can lead to physical damages and put the lives of patients at risk. Therefore, there is a need for solid Incident Response Capabilities (IRC) in the health sector, in particular…
National / EU authoritiesPrivate Sector