ENISA

38% of all reported cyber incidents in the EU in 2024 targeted the public administration sector.

Cybercrime operators accounted for approximately 16% of cyber incidents in the EU in 2024.

Cyberespionage campaigns constituted 2.5% of all reported cyber incidents in the EU in 2024.

Data breaches accounted for 17.4% of cyber incidents affecting public administration in the EU in 2024.

69% of cyber incidents in 2024 targeted central governments in the EU.

60% of all reported cyber incidents in 2024 were Distributed Denial-of-Service (DDoS) attacks.

Hacktivists were responsible for nearly 63% of cyber incidents in the EU in 2024.

Phishing (including malspam, vishing, and malvertising) was the dominant intrusion vector, accounting for approx. 60% of cases..

Top Shares of Recorded Incidents by Sector in the EU: 38.2%: Public Administration, 28.5%: Unknown, 7.5%: Transport (second most targeted sector), 4.8%: Finance, 4.5%: Energy, 2.9%: Education, 2.3%: Health, 2.2%: Digital Infrastructure & Services, 1.7%: Manufacturing, 1.2%: Media & Entertainment.

13.4% of assessed objectives were financially-motivated.

State-aligned operations, often driven by low-impact DDoS campaigns targeting EU Member States’ organisations’ websites, resulted in service disruption in only 2% of incidents.

79.4% of assessed objectives were ideology driven.

Vulnerability exploitation accounted for 21.3% of initial access vectors.

7.2% of assessed objectives were cyberespionage.

Public Administration was the most targeted sector in the EU, accounting for just over 38% of incidents.

Vulnerability exploitation led to malware deployment as a follow-up activity in 68% of cases.

Ransomware remained the most impactful cybercrime tool despite a reported decrease of 11% compared to the previous ENISA Threat Landscape (ETL) report.

NoName057(16) was responsible for over 60% of claims in the realm of hacktivism, sustained by its DDoSia platform

Insider threats accounted for 0.8% of initial access vectors.

Botnet accounted for 9.9% of initial access vectors.

Essential entities (including public administration, transport, digital infrastructure and services, finance, and manufacturing) represent 53.7% of the total number of recorded incidents in the EU.

Malicious applications accounted for 8% of initial access vectors.

Within Public Administration, incidents were dominated by low-impact DDoS campaigns (94.8%).