The present report provides anonymised and aggregated information about major telecom security incidents that happened in 2022.
Incident reporting is essential for understanding and analysing the EU cybersecurity threat landscape.
A cornerstone of European Union cybersecurity legislation is the reporting of cybersecurity incidents, addressed by several distinct laws within the EU. In 2018, the EU Directive on Security of Network and Information Systems (called the NIS Directive) came into force, introducing notification rules for cybersecurity incidents for operators of essential services in a wide range of critical sectors, such as energy, transport, finance and health.
The NIS2 Directive is a continuation and a consolidation of the NIS1 approach in relation to incident reporting. Asset owners and operators will need take appropriate security measures and notify incidents to the relevant national authority and/or to their national computer security incident response team (CSIRT) within 24 hours as an early warning and within 72 hours for a full incident notification. NIS2 also introduced an obligation for the competent authority or CSIRT to give initial feedback to the reporting entity without undue delay and where possible, within 24 hours. Specific rules on incident reporting are also detailed under the legislation regarding payment service providers, manufacturers of medical services and data controllers.
ENISA has been supporting the implementation of these specific sector legislations by developing procedures, templates, tooling and analysis regarding cybersecurity incidents, which are published through annual reports. Overall, incident reporting and cybersecurity threats are intrinsically connected as reporting enables the collection of critical data on threats, attacks, and vulnerabilities. Such information helps to identify trends and to enhance the overall understanding of the cybersecurity landscape. By systematically reporting incidents, organisations and authorities can better anticipate emerging threats and strengthen resilience against future attacks.
Further information on ENISA’s flagship work regarding the current status of the cybersecurity threat landscape and emerging threats can be found under the ‘Cyber Threats’ section. ENISA publishes anonymised and aggregated data deriving from the reporting of security incidents under the Cybersecurity Incident Report and Analysis System (CIRAS) that depicts the overall EU situation into statistics.