Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Overview of standards related to eIDAS

The scope of this document is to assess the suitability of the recently published ENs to fulfil the eIDAS Regulation requirements, and to describe the differences with the previous TSs, in view of a possible update of the list of standards…
Private Sector

Recommendations for technical implementation of the eIDAS Regulation

The present report aims to propose ways in which the eIDAS assessment regime can be strengthened based on the current regime of the eIDAS Regulation, the stakeholders’ concerns and the legitimate need to move towards a more harmonised approach with…
Private Sector

Pseudonymisation techniques and best practices

This report explores further the basic notions of pseudonymisation, as well as technical solutions that can support implementation in practice. Starting from a number of pseudonymisation scenarios, the report defines first the main actors that can…
Private Sector

Assessment of ETSI TS 119 403-3 related to eIDAS

This document assesses the eligibility of [ETSI TS 119 403-3], and the standards it builds upon, to be referenced in an implementing act adopted pursuant to Art.20(4) of the eIDAS Regulation. The findings suggest that if certain revisions take place…
Private Sector

Stock taking of security requirements set by different legal frameworks on OES and DSPs

In order to support organisations in their process of identifying appropriate security measures, based on the provisions of both NISD and GDPR, this report uses as basis the pre-existing ENISA guidance and presents a mapping of already identified…
Private Sector

Trust Services Security Incidents 2018 - Annual report

The annual report on Trust Services Security Incidents 2018 gives an aggregated overview of security breaches, showing root causes, statistics and trends. It marks the third round of security incident reporting for the EU’s trust services sector.…
Private Sector

Challenges and opportunities for EU cybersecurity start-ups

Based on extensive analysis of the identified challenges and opportunities, as well as on feedback collected from a panel of experts, this report proposes a set of recommendations to start-ups and SMEs active in the NIS market.
Private Sector

Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity

The present report is concerned with human aspects of cybersecurity including not only psychology and sociology, but also ethnography, anthropology, human biology, behavioural economics and any other subject that takes humans as its main focal point…
Private Sector

Towards a framework for policy development in cybersecurity - Security and privacy considerations in autonomous agents

One of the key aspects in autonomous systems is the data collected, mainly for supporting the demanding functionality in a qualitative and timely manner. The current study highlights a number of relevant security and privacy considerations, such as…
Private Sector

European Cybersecurity Month 2018 - Deployment Report

This report summarises the activities carried out by ENISA and the participating Member States for the European Cybersecurity Month 2018 and presents the evaluation and conclusions of the campaign. The ECSM campaign was successfully executed across…
Private Sector