ENISA NIS360 2024 REPORT
Last week, the European Union Agency for Cybersecurity (ENISA) released its ENISA NIS360 2024 Report: A Comprehensive Look at Cybersecurity Maturity and Criticality of NIS2 Sectors. The report provides an in-depth analysis of cybersecurity readiness and maturity across sectors essential to the EU economy, including transport, energy, finance, and healthcare.
In the transport sector, the report highlights both advancements and persistent gaps in cybersecurity practices. Many entities have strengthened cyber risk management policies, implemented supply chain security measures, and introduced initiatives to enhance trust within logistics networks. Despite this progress, alignment with NIS2 requirements remains uneven. The aviation sector leads in compliance, followed by railway and maritime, while the road sector lags behind in both digitalisation and cybersecurity preparedness.
The level of digitalisation across transport modes varies significantly. Aviation is at the forefront, integrating advanced digital systems for operations and security. The maritime sector is increasingly adopting digital solutions for port management, vessel tracking, and maritime traffic control. Railways are modernising with digital signaling and automation, including the European Rail Traffic Management System (ERTMS) on key corridors. In contrast, the road sector remains the least digitalised, which currently limits exposure to cyber threats but may increase its vulnerability as digitalisation advances.
The report also emphasises the rising cyber risks facing the transport sector, which ranks as the second most targeted, accounting for 11.19% of recorded cyber incidents. The economic consequences of a cyberattack vary by mode, with aviation and maritime expected to suffer the highest socio-economic impact due to their critical role in global logistics.
To enhance cybersecurity maturity across transport, ENISA outlines key areas for improvement. The report calls for tailored guidance to help entities in all transport modes align with NIS2 requirements, EU-wide risk assessments to address sector-specific threats, and continued dissemination of best practices and situational awareness reports. It also stresses the importance of prioritizing cybersecurity discussions at the EU level to keep pace with evolving threats.
Source: ENISA