ENISA’s 2024 Activity Report celebrates 20 years of impact and highlights strategic progress in EU cybersecurity

ENISA has published its Consolidated Annual Activity Report for 2024, highlighting a year of major progress as the agency marked its 20th anniversary. The report confirms ENISA’s growing role in shaping and supporting the EU’s cybersecurity landscape, both strategically and operationally.

One of the headline achievements is the publication of the first-ever “State of the Union Cybersecurity Report,” which offers a detailed assessment of cybersecurity capabilities across Europe. Built on ENISA’s Cybersecurity Index and other strategic foresight tools, the report provides policymakers with concrete recommendations to address gaps and strengthen collective resilience.

ENISA also continued to play a leading role in supporting the implementation of the NIS2 Directive. In 2024, it delivered detailed technical guidelines, launched the EU Digital Infrastructure Registry to support cross-border supervision, and advanced work on coordinated vulnerability disclosure. The agency became a Common Vulnerabilities and Exposures (CVE) Numbering Authority and completed the first phase of the EU Vulnerability Database, laying the groundwork for more coordinated risk management at the EU level.

Operationally, ENISA organised the largest edition to date of the Cyber Europe exercise, focusing on the energy sector and involving over 1,000 participants. It trained more than 2,000 cybersecurity professionals through hands-on, ECSF-aligned programmes, directly addressing workforce needs. Its Cybersecurity Support Action processed 482 requests from all 27 Member States, enhancing preparedness and response capacity across the Union.

The report includes strong performance indicators. ENISA met its full annual budget commitment of €26.2 million, and stakeholder satisfaction remained high, with 88% of respondents finding ENISA’s work of significant value and 96% expressing confidence in the agency’s ability to meet its mandate.

ENISA’s Executive Director Juhan Lepassaar called 2024 a milestone year that demonstrated the agency’s ability to adapt to a rapidly evolving threat landscape and deliver concrete results. The report shows that ENISA is increasingly seen as a trusted partner, working across the EU to build cybersecurity capacity, support implementation of critical legislation, and strengthen cooperation between public and private actors.

The full report is available on ENISA’s website.