ENISA NIS 360 report 2024

by SPAC Alliance | Mar 6, 2025 | Library, NIS 2, Regulations

NIS 360: Progress, gaps and threats for each NIS 2 sectors

The ENISA NIS360 2024 report provides a detailed assessment of the cybersecurity maturity and criticality of sectors under the NIS2 Directive. It highlights key sectors such as electricity, telecoms, and banking, which are highly mature, alongside those in the “risk zone,” like ICT service management and space.

“ENISA is working closely with the EU Member States to implement the NIS2 Directive by providing expertise and guidance. The ENISA NIS360 gives valuable insight into the overall maturity of NIS sectors and the challenges of individual sectors. It explains where we stand, and how to move forward.”

Juhan Lepassaar
EU Agency for Cybersecurity Executive Director

What the report says: between Maturity and Vulnerability

ENISA evaluated the cybersecurity posture of 22 critical sectors, classifying them based on their maturity and criticality.

This analysis is based on data from national authorities, companies within the in-scope sectors, and insights from EU-level sources such as Eurostat.

Critical and Mature Sectors: The electricity, telecoms, and banking sectors are the most critical and mature, benefiting from significant regulatory support, investments, and public-private partnerships.
Challenges in Digital Infrastructure: Digital infrastructures (such as core internet services, data centers, and cloud services) are critical but face challenges due to their heterogeneous nature and cross-border complexities.
Sectors in the ‘Risk Zone’: six sectors have been identified as critical yet insufficiently mature:
- ICT Service Management
- Space Industry
- Public Administration
- Maritime
- Healthcare
- Gas Industry

These sectors must accelerate their efforts, particularly in incident management, cross-sector collaboration, and skill development.

With actionable recommendations, the report helps guide policymakers and stakeholders in strengthening cybersecurity resilience and addressing critical gaps across Europe.

Download the report

WHAT THIS MEANS FOR THE SECURITY & ACCESS CONTROL INDUSTRY

The NIS 2 directive imposes new obligations on access control and security actors. The insights from the NIS360 report directly impact our industry.

The ICT Service Management sector is at risk, while our access control infrastructures rely heavily on digital services, including cloud and IoT technologies.

Public administrations are major clients for security firms, yet they remain highly vulnerable targets. Their protection is a shared responsibility.

The Healthcare sector is facing an explosion of cyberattacks. Securing access to healthcare data is a critical priority.

Maritime sector and gas industries are under pressure, both strategic sectors for physical security and the economy, where cybersecurity remains widely overlooked.

As SPAC Alliance, we must be proactive in helping these sectors secure their infrastructures and access management systems.

OUR RECOMMENDATIONS FOR SPAC ALLIANCE MEMBERS

This NIS 360 ENISA report is a wake-up call. We must take collective action to improve the resilience of our ecosystems.

Three key priorities to implement immediately:

Strengthen support for vulnerable sectors by offering tailored cybersecurity solutions for public administrations, healthcare, and critical infrastructures.
Foster stronger collaboration between physical security and cybersecurity actors. The convergence of physical and digital security must be anticipated and embedded in our solutions.
Anticipate future NIS2 requirements by delivering compliant services, integrating Zero Trust principles, and reinforcing multi-factor authentication across all our offerings.

We must be at the forefront of addressing these challenges. Cybersecurity should no longer be seen as an obstacle but as a competitive advantage for companies in our sector.

The time to act is now. SPAC Alliance is committed to supporting its members in anticipating, securing, and structuring responses to these emerging threats.

Join the conversation and let’s drive the change together.