ctipilot.ch

ENISA NIS360 2026

report · report:enisa-nis360-2026

ENISA NIS360 2026 — public-sector receives 63% of EU hacktivist attacks; seven sectors in risk zone

Coverage timeline
2
first 2026-05-25 → last 2026-06-01
Entries
2
2 distinct days
Sources cited
3
2 hosts
Sections touched
2
weekly-annual-reports, weekly-policy
Co-occurring entities
0
no co-occurrence

Story timeline

  1. 2026-06-01ENISA NIS360 2026 (3rd edition) — seven sectors in the persistent risk zone where criticality outpaces maturity
    weekly-annual-reportsENISA NIS360 2026 (3rd edition) — seven sectors in the persistent risk zone where criticality outpaces maturity
  2. 2026-05-25ENISA NIS360 2026 — public administration, health and water sit in the NIS2 "risk zone"
    weekly-policyENISA NIS360 2026 — public administration, health and water sit in the NIS2 "risk zone"

Where this entity is cited

  • weekly-policy1
  • weekly-annual-reports1

Source distribution

  • enisa.europa.eu2 (67%)
  • securityaffairs.com1 (33%)

Entries about ENISA NIS360 2026 (2)

2026-06-01 · view entry permalink →

ENISA NIS360 2026 (3rd edition) — seven sectors in the persistent risk zone where criticality outpaces maturity

high annual-report discovered 2026-06-01 05:00 UTC

Published 28 May 2026 (ENISA; follow-up coverage 2 June in Security Affairs). The headline finding is structural: a persistent "risk zone" where criticality exceeds maturity comprising public administration, health, railway, maritime, ICT service management, space, and drinking/waste water. Public administration receives nearly 63% of all EU hacktivist attacks and is the most consistently targeted sector, yet roughly one-third of entities lack structured cybersecurity expertise at management level and about half provide no cybersecurity training to management. Water sector: one in three entities has never conducted a risk assessment. The high-maturity sectors — banking, electricity, telecoms, trust services, aviation, financial market infrastructures — share a common driver: regulatory pressure backed by supervisory capacity with real enforcement. Only 16% of NIS2-affected entities consider themselves fully compliant; 41% face uncertainty about national obligations. For NIS2 national authorities: sectors without comparable oversight structures (ICT service management, space) lag structurally. For public-sector SOC managers specifically: the elevated hacktivist pressure confirmed by ENISA should cross-reference directly against current threat-model assumptions and DDoS mitigation capacity, particularly in the June 15–17 G7 Évian window.

hacktivism nation-state vulnerabilities europe

2026-05-25 · view entry permalink →

ENISA NIS360 2026 — public administration, health and water sit in the NIS2 "risk zone"

high policy discovered 2026-05-25 05:00 UTC

ENISA published its third annual NIS360 sectoral-maturity assessment on 2026-05-28, scoring all 18 NIS2 Annex I high-criticality sectors on legislation effectiveness, organisational preparedness, authority capacity and ecosystem maturity. The risk-zone sectors — criticality exceeding maturity — are health, railway (newly entered), maritime, ICT management services, space, public administrations, drinking water (newly entered) and wastewater (newly entered); gas exited after targeted investment. Trust services, aviation and financial-market infrastructures sit in the higher-maturity band, while banking, electricity and telecom are scored among the most critical sectors. The defender-relevant read for this audience: the sectors a Swiss/EU public-sector SOC most often is or serves — public administration, health, water — are precisely the ones ENISA flags as under-resourced relative to their societal importance, which signals where NIS2 supervisory and investment pressure will concentrate next. Use the report as leverage for sector-specific funding and as a benchmark for the maturity axes your own programme is weakest on.

eu-nexus europe