VendorsENISA
ENISA
Cybersecurity reports and statistics published by ENISA
8 categories2 reports
Research Reports
Reports and publications from ENISA
Recent Statistics & Reports
Cybercrime operators accounted for approximately 16% of cyber incidents in the EU in 2024.
11/9/2025•
Cyber incidentCybercrime operatorEurope
Cyberespionage campaigns constituted 2.5% of all reported cyber incidents in the EU in 2024.
11/9/2025•
Cyber incidentCyberespionageEurope
Hacktivists were responsible for nearly 63% of cyber incidents in the EU in 2024.
11/9/2025•
Cyber incidentHacktivismEurope
69% of cyber incidents in 2024 targeted central governments in the EU.
11/9/2025•
Cyber incidentCentral governmentEurope
38% of all reported cyber incidents in the EU in 2024 targeted the public administration sector.
11/9/2025•
Cyber incidentPublic AdministrationEurope
Data breaches accounted for 17.4% of cyber incidents affecting public administration in the EU in 2024.
11/9/2025•
Data breachCyber incidentPublic Administration
60% of all reported cyber incidents in 2024 were Distributed Denial-of-Service (DDoS) attacks.
11/9/2025•
Cyber incidentDDoSEurope
NoName057(16) was responsible for over 60% of claims in the realm of hacktivism, sustained by its DDoSia platform
10/1/2025•
EuropeNoName057(16)Hactivism
Ransomware remained the most impactful cybercrime tool despite a reported decrease of 11% compared to the previous ENISA Threat Landscape (ETL) report.
10/1/2025•
EuropeRansomware
State-aligned operations, often driven by low-impact DDoS campaigns targeting EU Member States’ organisations’ websites, resulted in service disruption in only 2% of incidents.
10/1/2025•
EuropeDDoSState-aligned
Vulnerability exploitation led to malware deployment as a follow-up activity in 68% of cases.
10/1/2025•
EuropeVulnerability exploitationMalware
Insider threats accounted for 0.8% of initial access vectors.
10/1/2025•
EuropeInsider threatInitial access vector
Botnet accounted for 9.9% of initial access vectors.
10/1/2025•
EuropeBotnetInitial access vector
Essential entities (including public administration, transport, digital infrastructure and services, finance, and manufacturing) represent 53.7% of the total number of recorded incidents in the EU.
10/1/2025•
EuropeEssential entitiesCyber incident
Malicious applications accounted for 8% of initial access vectors.
10/1/2025•
EuropeMalicious applicationInitial access vector
13.4% of assessed objectives were financially-motivated.
10/1/2025•
EuropeCyber incident motivation
Within Public Administration, incidents were dominated by low-impact DDoS campaigns (94.8%).
10/1/2025•
EuropePublic administrationCyber incident
Phishing (including malspam, vishing, and malvertising) was the dominant intrusion vector, accounting for approx. 60% of cases..
10/1/2025•
EuropePhishingIntrusion vector
Top Shares of Recorded Incidents by Sector in the EU: 38.2%: Public Administration, 28.5%: Unknown, 7.5%: Transport (second most targeted sector), 4.8%: Finance, 4.5%: Energy, 2.9%: Education, 2.3%: Health, 2.2%: Digital Infrastructure & Services, 1.7%: Manufacturing, 1.2%: Media & Entertainment.
10/1/2025•
EuropeCyber incident
79.4% of assessed objectives were ideology driven.
10/1/2025•
EuropeCyber incident motivation
Showing first 20 results