2024 Report on the State of Cybersecurity in the Union
The first report on the state of cybersecurity in the Union has been published by the European Union Agency for Cybersecurity (ENISA). The report provides EU policy makers with an evidence-based overview of the state of play of the cybersecurity landscape at EU, national and societal levels. It also identifies four priority areas and policy recommendations to address shortcomings and increase the level of cybersecurity across the Union.
What is the ENISA Report on the State of Cybersecurity in the Union?
This report provides a comprehensive overview of the cybersecurity landscape in the European Union. It assesses the current state of cybersecurity maturity and capabilities, identifies key threats and vulnerabilities, and provides policy recommendations to close gaps and elevate cybersecurity across the EU. The report emphasises the importance of a coordinated and proactive approach.
The Cybersecurity Landscape in the EU
The EU faced significant cybersecurity threats during the reporting period, with entities being directly targeted by threat actors or exposed to vulnerabilities. Disruptions to essential services and EU institutions remain a realistic concern.
Policy developments such as the NIS2 Directive, the Cyber Resilience Act (CRA), and the Cyber Solidarity Act (CSOA) have enhanced the EU’s cybersecurity framework. At the same time, sector-specific policies address unique challenges in various critical sectors of the economy and society.
What are the key findings of the report?
The report identifies four priority areas for improvement.
- Policy Implementation – While the EU has introduced various cybersecurity policies, their implementation across Member States is not uniform. Promoting a consistent and coherent implementation at a national level becomes a priority and national authorities are in the process of working towards this goal. However, the policy implementation process is demanding both in terms of time and resources.
- Cyber Crisis Management – At the time of the adoption of NIS1, in 2016, EU-level cooperation on crisis management was still a relatively new area. Since then, significant changes have happened, such as the establishment of the EU-CyCLONe network of national cyber crisis management authorities and new provisions in NIS2.
- Supply Chain Security – Threat groups demonstrate a continuous interest and increased capability in supply chain attacks. Organisations can no longer rely solely on internal cybersecurity defenses as attackers have shifted their attention to suppliers. Key recommendations include improving visibility and control within supply chains, strengthening risk management frameworks, and raising awareness of supply chain security risks.
- Cybersecurity Skills – In this cybersecurity context, in order to address current and upcoming threat challenges, it is crucial to promote a strong cybersecurity culture by raising awareness, improving relevant skills and adopting initiatives aiming to cultivate and retain cybersecurity talent.
Strengthening Cybersecurity Across the European Union
The report provides actionable policy recommendations to close gaps and elevate cybersecurity across the EU, emphasizing the importance of a coordinated and proactive approach. Read the full report to learn more about the EU cybersecurity landscape and the recommendations to address critical cybersecurity challenges in a rapidly evolving digital landscape.
