Trending

ee-track">
Link copied!

ENISA’s NIS360 Report Provides a Strategic View of Cybersecurity Maturity Across Critical Sectors

The European Union Agency for Cybersecurity (ENISA) provides a structured analysis of sectoral vulnerabilities, helping policymakers, regulators, and industry stakeholders identify gaps, prioritize investments, and enhance cyber resilience.

March 13, 2025 · 3 min read
ENISA’s NIS360 Report Provides a Strategic View of Cybersecurity Maturity Across Critical Sectors

Introduction

The European Union Agency for Cybersecurity (ENISA) has released its inaugural “NIS360” report, offering a comprehensive assessment of cybersecurity maturity across key sectors under the NIS2 Directive.

The report provides a structured analysis of sectoral vulnerabilities, helping policymakers, regulators, and industry stakeholders identify gaps, prioritize investments, and enhance cyber resilience. With cyber threats escalating in complexity, the NIS2 framework is a pivotal tool for tracking progress and ensuring alignment with EU cybersecurity regulations.

Key Findings

The Three Most Mature Sectors

ENISA identifies electricity, telecommunications, and banking as the most mature cybersecurity sectors. These industries benefit from strong regulatory oversight, consistent investments, and deep-rooted public-private partnerships. Their advanced cybersecurity frameworks are benchmarks for other sectors striving to meet NIS2 compliance.

Digital Infrastructure: A Tier Below

Entities within digital infrastructure (internet exchange points, top-level domains, data centers, and cloud services) rank just below the top tier in cybersecurity maturity. While foundational to the digital economy, these sectors struggle with cross-border coordination, regulatory inconsistencies, and diverse maturity levels among stakeholders.

The Risk Zone: Sectors That Require Immediate Action

Six sectors fall within the NIS360 risk zone, meaning their cybersecurity maturity lags behind their criticality. This misalignment exposes them to significant threats, requiring urgent interventions.

1. ICT Service Management

  • Faces unique challenges due to cross-border complexities and regulatory overlap with DORA.
  • Needs harmonized supervision and reduced compliance burdens to ensure resilience.

2. Space

  • Struggles with low cybersecurity awareness and reliance on commercial off-the-shelf components.
  • Requires sector-wide collaboration, security testing guidelines, and policy support.

3. Public Administration

  • A prime target for hacktivists and nation-state cyber operations.
  • Needs EU Cyber Solidarity Act funding, enhanced security protocols, and shared service models to close capability gaps.

4. Maritime

  • Operational Technology (OT) remains a key vulnerability.
  • Would benefit from sector-specific cybersecurity frameworks and EU-level crisis management exercises.

5. Health

  • Faces threats due to legacy systems, supply chain vulnerabilities, and underdeveloped cybersecurity protocols.
  • Needs stronger procurement guidelines, cybersecurity awareness programs, and sector-wide cooperation.

6. Gas

  • Increasingly targeted due to its interdependencies with electricity and manufacturing.
  • Requires better incident response planning and cross-sector coordination.

Recommendations to Strengthen Cyber Resilience

ENISA’s report emphasizes three strategic priorities to enhance cybersecurity across all sectors:

  1. Stronger Collaboration: Encouraging cross-sector partnerships and coordinated threat intelligence sharing.
  2. Sector-Specific Guidance: Developing tailored cybersecurity frameworks to meet the unique needs of each industry.
  3. Harmonization of Regulations: Aligning cybersecurity requirements across national borders to enhance enforcement and compliance.

Conclusion

The NIS360 report provides a roadmap for improving cybersecurity maturity across Europe’s most critical sectors. The EU Agency for Cybersecurity Executive Director, Juhan Lepassaar said: “ENISA is working closely with the EU Member States to implement the NIS2 Directive by providing expertise and guidance. The ENISA NIS360 gives valuable insight into the overall maturity of NIS sectors and the challenges of individual sectors. It explains where we stand, and how to move forward.”

While some industries lead in resilience, others require urgent action to bridge capability gaps. Policymakers, regulators, and industry leaders must act on these insights to fortify Europe’s cyber defenses. As cyber threats evolve, proactive investment, regulatory alignment, and cross-sector collaboration will be key to safeguarding the digital future.

References

https://www.enisa.europa.eu/publications/enisa-nis360-2024

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams