State of cybersecurity in the EU

Content

A comprehensive view of cybersecurity maturity across EU Member States is key to achieving a high common level of cybersecurity throughout the Union.

ENISA

Mandated by the Cybersecurity Act, the European Union Agency’s (ENISA’s) work is centered on achieving a “high common level of cybersecurity across the Union” and supporting the European Union and Member States to “increase their cybersecurity capabilities”. 
Recent years have been characterised by a proliferation of EU cybersecurity policy framework and initiatives with the introduction of key horizontal and sectorial legislation, aiming to elevate the state of cybersecurity in the EU. At the same time, geopolitics and the emerging cybersecurity threats greatly influence the stance and tactics of state and non-state actors. 

In this complex landscape, a comprehensive understanding of the current state of cybersecurity maturity of EU Member States is fundamental to achieve these objectives. Continuous and consistent monitoring of the cybersecurity levels across the EU over time, is the primary means of assessing current cybersecurity capabilities and identify areas of improvement in the EU cyber ecosystem.

In accordance to Article 18 of the Directive (EU) 2022/2555 (NIS2 Directive), ENISA was tasked to adopt, in cooperation with the European Commission and the Cooperation Group, a biennial report on the state of cybersecurity in the Union. In December 2024, the first ever version of this report will besubmitted and presented to the European Parliament. The aim of the report is to offer EU policy makers an evidence-based overview of the state of play with regard to the cybersecurity landscape and capabilities across the EU, national, and societal domains. The end product of the report is policy recommendations to address revealed gaps and weaknesses, leading to the improvement of the cybersecurity level in the Union.

From a cybersecurity investment perspective, allocating sufficient budgetary and human resources to cybersecurity is key to maintain existing cybersecurity capabilities and advancing cyber resilience. Through its NIS Investments report, ENISA offers insights on the impact of the EU cybersecurity framework, and particularly the NIS Directive, on cybersecurity investments and the overall maturity of organisations in scope. The annual report examines how essential and important entities of critical sectors are affected by the evolving regulatory landscape and current challenges in the cybersecurity field.

The EU Cybersecurity Index (EU CSI) - Framework and methodological note

Towards enhancing this effort, ENISA has developed the ‘EU Cybersecurity Index’ (EU CSI), which is a tool to describe the cybersecurity posture of Member States and the EU. Making the most of the available data and information, the ‘Index’ provides insights on the respective cybersecurity maturity and capabilities while helping detect opportunities for peer-learning and improvement. This way, it enables the evaluation of progress towards higher levels of cybersecurity vis-à-vis index indicators.

To find more, download the EU CSI - Framework and methodological note.

Public consultation

We invite all interested stakeholders to contribute their insights and feedback to help shape the further development of the EU-CSI framework and methodology. Please contact us at eucsi-feedback@enisa.europa.eu

 

Related content

Telecom_Security_Incidents_2022.png

Telecom Security Incidents 2022

March 14, 2024

The present report provides anonymised and aggregated information about major telecom security incidents that happened in 2022.

Trust Services Security Incidents 2022

February 22, 2024

This report, the Annual Report Trust Services Security Incidents 2022, provides an aggregated overview of the notified breaches for 2022, analysing root causes, statistics and trends.

NIS Investments Report 2023

November 16, 2023

This report aims at providing policy makers with evidence to assess the effectiveness of the existing EU cybersecurity framework specifically through data on how Operators of Essential Services (OES) and Digital Service Providers (DSP) identified in the E

Good Practices for Supply Chain Cybersecurity

June 13, 2023

The report provides an overview of the current supply chain cybersecurity practices followed by essential and important entities in the EU, based on the results of a 2022 ENISA study which focused on investments of cybersecurity budgets among organisat

BROWSE ALL PUBLICATIONS

EU ISACS Summit 2024

2024 Jul 17

2nd ENISA Cybersecurity Policy Conference

2023 Nov 08

EU Cybersecurity Policy Conference

2022 Dec 14

BROWSE ALL EVENTS

ESAs and ENISA sign a Memorandum of Understanding to strengthen cooperation and information exchange

Press Release June 05, 2024

The European Supervisory Authorities (EBA, EIOPA, and ESMA - the ESAs) today announced that they have concluded a multilateral Memorandum of Understanding (MoU) to strengthen cooperation and information exchange with the European Union Agency for Cyber

Shaping Cybersecurity Policy towards a trusted and secure Europe

Press Release April 18, 2024

On 17 April, the European Union Agency for Cybersecurity (ENISA),the European Commission (DG CNECT) and the Belgian presidency of the Council of the European Union organised the 2nd EU Cybersecurity Policy Conference.

CSIRT - Law Enforcement Cooperation Workshop - 10 Years of Joint Efforts against Cybercrime

News Item October 19, 2021

The European Union Agency for Cybersecurity, (ENISA) and Europol’s European Cybercrime Centre (EC3) organised the 10th Annual Workshop for CSIRTs and law enforcement.

Navigating cybersecurity investments in the time of NIS 2

Press Release

The latest report of the European Union Agency for Cybersecurity (ENISA) aims to support policy makers in assessing the impact of the current EU cybersecurity framework, and particularly the NIS 2 Directive, on cybersecurity investments and the overall

BROWSE ALL NEWS