The year 2024 has proven to be a crucial one for cybersecurity in the European Union, with the European Union Agency for Cybersecurity (ENISA) publishing its first report on the state of cybersecurity within the EU. This report, produced in collaboration with the NIS Cooperation Group and the European Commission, serves as an essential tool for understanding the current landscape and defining future strategies in cybersecurity.
Cybersecurity in the European Union by the Numbers
Throughout 2024, the European Union has seen a significant rise in cyber threats, driven by the acceleration of digitalization and increased social and economic connectivity. The report highlights a sharp increase in ransomware and Denial-of-Service (DoS/DDoS) attacks, which together account for over half of the incidents observed. Between July 2023 and June 2024, there was a peak in DDoS attacks, with a maximum of 600 events per month during this period.
According to data from the ENISA report, between July 2023 and June 2024, the total number of reported cybersecurity incidents increased by 24% compared to the previous year. Of these, 32% were ransomware attacks, while DoS/DDoS attacks accounted for 29%. This increase is partly attributed to the unstable geopolitical climate, which has led to more attacks by hacktivist groups linked to international conflicts, such as the one in Ukraine and the conflict between Israel and Palestine. Supply chain attacks have also emerged as a concerning trend, with 14% of incidents involving digital suppliers directly.
In terms of affected sectors, the report indicates that the public sector suffered 19% of the total attacks, while the healthcare sector saw a significant rise, with 15% of attacks targeting hospitals and healthcare infrastructure. This increase has been attributed to the vulnerability of legacy systems and the growing reliance on connected medical devices. The banking and financial sector was also targeted, accounting for 9% of reported incidents, mainly through ransomware attacks aimed at extorting money or sensitive information.
Another significant data point concerns the average duration of disruptions caused by cyberattacks. In 2024, the average duration of disruptions rose to 17 hours, compared to 12 hours the previous year. This increase reflects the growing sophistication of attacks and the difficulty organizations face in quickly restoring their systems. Incident response was often hindered by a lack of qualified personnel and deficiencies in incident response plans.
Additionally, the ENISA report notes that 25% of organizations affected by cyberattacks suffered data compromise, with a substantial amount of sensitive data being exfiltrated or destroyed. Most of these attacks were carried out using known but unresolved vulnerabilities, highlighting the importance of vulnerability management and timely system updates.
The report also shows that the maturity of cybersecurity across the various EU countries presents significant variability, with some countries demonstrating high preparedness and others still lagging.
Cybersecurity Maturity and Capabilities Level
The analysis of the level of maturity of cybersecurity capabilities across the Union shows an overall assessment of 62.65 out of 100. This value indicates a decent convergence among Member States, but with notable differences in areas related to the implementation of vulnerability disclosure policies and surveillance measures.
According to the ENISA report, there are some areas with very high maturity scores, such as threat management and incident detection capabilities. However, other sectors show significant gaps. For instance, only 47% of Member States have adopted a nationally coordinated vulnerability disclosure process, while 55% are still in the definition phase. This indicates a considerable disparity in the ability to manage and disclose vulnerabilities among different Member States.
Moreover, the adoption of supply chain security measures is still limited. Only 37% of Member States have adopted security management policies for the supply chain of essential and important entities. This figure is particularly worrying given the rise in supply chain attacks affecting critical digital service providers. The report also highlights that 52% of critical entities have implemented strict vulnerability management policies, but 13.5% of these have no visibility into the patching status of their IT assets.
In the context of the private sector, the telecommunications, energy, and finance sectors are considered highly mature in terms of cybersecurity, while the health and rail transport sectors, although critical, show lower maturity levels. The situation is particularly problematic for the oil sector, which is in the early stages of its digitalization and cybersecurity maturity. Furthermore, the report indicates that the lack of specific skills is one of the main challenges for most Member States, with a growing gap in the availability of qualified personnel and the ability to respond to incidents.
Awareness and Social Capacity
One of the most concerning aspects emerging from the report is the cybersecurity awareness among EU citizens.
According to Eurostat data reported by ENISA, 46% of Europeans lack sufficient digital skills, with significant disparity across different age groups. Only 35% of citizens aged between 55 and 74 have basic digital skills, compared to 70% of young adults. Additionally, the digital divide between urban and rural areas remains significant: 61% of urban residents have basic digital skills, while this percentage drops to 46% in rural areas. Although the gender gap in digital skills is decreasing, there is still a 3.4% difference between men and women.
Another issue highlighted is the confidence of citizens in their ability to protect themselves from cyber risks, which dropped to 59% in 2024, compared to 71% in 2017. This decline could reflect a greater awareness of cyber risks and the increasing complexity of threats. Furthermore, only 22% of citizens are aware of the existence of an official channel for reporting cybercrimes, emphasizing the urgency of improving public communication and information.
These data point to the need to launch targeted awareness and training initiatives, involving both young people and older adults. Particular attention should be given to rural areas, where the digital divide is more pronounced. Moreover, the availability of higher education programs in cybersecurity varies significantly between Member States, with some countries offering a wide variety of courses, while others still show significant lag in this area.
Cybersecurity in Italy
The 2024 report from the European Union Agency for Cybersecurity (ENISA) highlights significant gaps in Italy's cybersecurity preparedness, especially compared to the European average. Cybersecurity in Italy faces several challenges in terms of incident response capabilities and crisis preparedness. Only a limited number of large companies have security operations centers (SOCs), reflecting a lower maturity compared to other EU Member States. Additionally, supply chain risk management appears less developed in Italy, with a reduced percentage of companies implementing effective policies to manage these risks compared to European standards.
Between July 2023 and June 2024, several significant cybersecurity incidents were recorded in Italy, primarily ransomware and Distributed Denial-of-Service (DDoS) attacks. These attacks often targeted the public and healthcare sectors, two particularly vulnerable areas. However, Italian public authorities have yet to widely implement structured incident response plans, showing a level of preparedness below the EU average.
Regarding vulnerability management, many Italian organizations are still not fully able to cover all critical resources, nor are they able to apply patches promptly. Risk management, especially concerning known vulnerabilities, remains an area for improvement. These limitations are particularly relevant for organizations with extensive infrastructures and operating systems, which struggle to keep all technological assets updated and secure.
Italian organizations also lag behind the European average in participating in national or international cybersecurity exercises. This implies inadequate crisis management preparedness, with few organizations regularly testing their response plans through simulations and exercises. This reduces their ability to react to potential large-scale attacks and threats.
In terms of training and skills, large Italian companies demonstrate a greater focus on cybersecurity, investing more frequently in employee training. However, small and medium-sized enterprises (SMEs) are less likely to provide specific cybersecurity training, indicating limited maturity in this area. There is a clear difficulty in finding professionals with cybersecurity skills, reflected in the lack of recent hires in this field, contributing to the persistent skills gap relative to real needs.
This situation underscores the need to improve security infrastructure, increase staff training, and promote active participation in European-level exercises to enhance response capabilities and adaptability to increasingly sophisticated threats.
Recommendations and Future Prospects
To address the challenges highlighted, the report proposes several strategic recommendations. One of the main recommendations concerns strengthening the capabilities to manage cyber crises through a review of the EU Blueprint for coordinated response to large-scale incidents. Moreover, it is recommended to enhance training and reskilling of the European workforce in cybersecurity, with a particular focus on reducing the skills gap and including underrepresented demographic groups, such as women and rural residents.
The European Union is also called upon to develop an advanced horizontal policy for supply chain security, focusing on coordinated risk assessment and promoting vulnerability management initiatives involving both the public and private sectors. Enhancing information-sharing capabilities among Member States and creating coordinated alert mechanisms are other key points for ensuring cybersecurity resilience across Europe.
According to the ENISA report, it is crucial to provide technical and financial support to competent national authorities and EUIBA (EU Institutions, Bodies, and Agencies) to ensure harmonized, timely, and consistent implementation of the ever-evolving regulatory framework. Additionally, the review of the European Blueprint for large-scale incident responses should further promote the harmonization of cybersecurity at the EU level and optimize response capabilities at both national and European levels.
The Cybersecurity Skills Academy is one of the main pillars for addressing the skills gap in the sector, aiming to create a coordinated European approach to cybersecurity training, certification, and skills management. It is necessary to develop specific training programs that meet the needs of the labor market and ensure the participation of underrepresented demographic groups to bridge the skills gap and promote an inclusive workforce.
To improve supply chain security, the report proposes intensifying coordinated risk assessments at the European level and developing an advanced policy framework that addresses the specific challenges related to cybersecurity in both the public and private sectors. The adoption of effective vulnerability management policies, greater cooperation among Member States, and better awareness of sector-specific challenges are all considered essential actions to strengthen the overall resilience of the system.
Conclusions
The 2024 ENISA report offers a complex and detailed picture of the challenges the European Union faces in the cybersecurity landscape, highlighting not only emerging threats but also significant structural delays that limit the overall resilience of Member States. This scenario highlights a crucial strategic dynamic: cybersecurity is no longer just a technical or corporate risk management issue but represents a true trust infrastructure on which the entire European digital economy is founded.
Disparities in the maturity of cybersecurity capabilities among Member States point to a strategic danger: a disjointed approach makes the EU vulnerable to transnational threats that exploit weak links in the chain. In an interconnected context, the failure of a single State can have devastating domino effects on critical sectors such as transport, energy, and healthcare, creating an insecure environment that undermines the competitiveness of the entire bloc. Supply chain security, for example, emerges as one of the most critical issues: the lack of coordinated policies on a European scale is a limitation that requires a paradigm shift in managing digital interdependencies.
A key aspect often overlooked in traditional narratives is the role of geopolitics as an amplifier of cyber threats. State-sponsored cyberattacks or those by hacktivist groups linked to international conflicts are not just local disruption tools but genuine levers of economic and social destabilization. This underscores the urgency of integrating cybersecurity into common European foreign and defense strategies. Cybersecurity thus becomes a new field of shared sovereignty, where regulatory harmonization and the strengthening of cross-border operational capabilities are not optional but a necessity.
In Italy, the lower maturity level of cybersecurity compared to the European average is another wake-up call, but also an opportunity to rethink the role of cybersecurity as a strategic element for economic development. The high incidence of attacks on critical sectors such as healthcare and energy reveals a systemic vulnerability: failing to adapt to new threats is not just a matter of protection but risks halting the country’s process of digital transformation and innovation. It is evident that Italy must address the fragmentation of skills and the lack of a centralized vision for crisis management more decisively.
The slow adoption of vulnerability management processes is an emblematic example of how both public and private organizations often underestimate the importance of proactivity over reactivity. Investing in specific skills training is not only a risk mitigation factor but also an economic growth accelerator, capable of positioning the EU and its Member States as leaders in the global secure technology market. However, this requires a political vision that goes beyond short-term logic and recognizes the strategic value of human resources.
Finally, a fundamental point emerging from the report concerns digital awareness and citizen trust. The perception of cyber risk as a distant or purely technical issue is one of the greatest weaknesses of European society. Changing this mindset through effective communication strategies and widespread educational programs could generate an invaluable competitive advantage. An aware citizen is a resilient citizen, capable not only of defending against cyber risks but also of actively contributing to a shared security culture.
In summary, cybersecurity today stands at the heart of European digital sovereignty. Failing to address the structural and cultural gaps highlighted in the report with determination would not only compromise internal resilience but also forfeit a unique opportunity to redefine the EU’s role as a global leader in an era where digital security is synonymous with progress and stability. The European Union must act with vision and courage, transforming current vulnerabilities into a cohesive and ambitious project of cyber leadership.
Source: https://www.enisa.europa.eu/publications/2024-report-on-the-state-of-the-cybersecurity-in-the-union