The report highlights the substantial cyber threats facing the EU, pointing to vulnerabilities exploited by malicious actors targeting critical EU entities
A comprehensive report by the European Union Agency for Cybersecurity (ENISA) offers a detailed assessment of the cybersecurity capabilities and maturity levels across the EU, presenting an evidence-based analysis and policy recommendations to enhance resilience. The report draws on multiple sources, including the EU Cybersecurity Index and the ENISA Threat Landscape report, and reflects extensive consultation with all 27 EU Member States and the European Commission.
Juhan Lepassaar, Executive Director of ENISA, stressed the importance of continuous evaluation, stating: “Since its establishment, ENISA has been steadfast in its commitment to providing expertise and strategic support to EU Member States. Amidst growing cybersecurity threats, technological advancements, and a complex geopolitical landscape, it is vital to assess our capabilities. Through this process, we can effectively evaluate our maturity levels and strategically plan our next steps. The first report on the state of cybersecurity in the Union reflects on our ongoing collective efforts and underscores our shared goal to bolster security and resilience across the EU.”
The report highlights the substantial cyber threats facing the EU, pointing to vulnerabilities exploited by malicious actors targeting critical EU entities. While Member States have developed aligned cybersecurity strategies, differences in the size and criticality of sectors complicate the uniform application of cybersecurity measures. On a more positive note, cybersecurity awareness among EU citizens appears to be improving, particularly among younger generations, despite varying levels of educational maturity across Member States.
Key Policy Recommendations
The report outlines six key policy recommendations across four priority areas: policy implementation, crisis management, supply chain security, and skills development. Notably, it emphasises the need to:
1. Strengthen technical and financial support for European institutions and national authorities under the NIS2 Directive, ensuring a harmonised and coherent implementation of EU cybersecurity policies.
2. Revise the EU Blueprint for coordinated responses to large-scale cyber incidents, incorporating the latest policy developments to enhance cybersecurity resilience across the EU.
3. Expand the EU’s cybersecurity workforce through the Cybersecurity Skills Academy, establishing a unified training approach and addressing the skills gap through a European attestation scheme.
4. Bolster supply chain security by enhancing risk assessments and developing a cohesive policy framework to address challenges faced by public and private sectors.
5. Improve sector-specific cybersecurity maturity using mechanisms established under the Cyber Solidarity Act, focusing on vulnerable sectors and risks identified in EU-wide assessments.
6. Promote a unified approach to cybersecurity awareness and hygiene among professionals and citizens, ensuring consistency across demographics.
Looking Ahead
The report also identifies key themes that will demand greater attention in the future, including Artificial Intelligence (AI) and Post-Quantum Cryptography. These emerging technologies will require increased investment in research, development, and innovation to maintain EU competitiveness. ENISA underscores the need for common situational awareness and robust operational cooperation to prepare for evolving threats.
While the EU has established a solid foundation in cybersecurity, adapting to new roles and navigating an increasingly complex threat landscape remain ongoing challenges. The report emphasises the importance of strategic planning and collaboration to ensure the Union’s cybersecurity resilience in the years to come.
