ENISA’s NIS360 Report Highlights Cybersecurity Gaps Across NIS2 Sectors
The European Union Agency for Cybersecurity (ENISA) has published its first NIS360 report, assessing the cybersecurity maturity and criticality of sectors covered by the NIS2 Directive. The report provides a sector-by-sector analysis, helping authorities, policymakers, and businesses understand where improvements are needed and how progress can be tracked.
What is the NIS360?
The NIS360 is an ENISA product that assesses how well different sectors under NIS2 are prepared to handle cybersecurity threats. It offers both a broad and detailed view of sector readiness, allowing authorities and businesses to:
- Identify areas where cybersecurity needs to be strengthened
- Prioritise efforts and investments
- Monitor progress over time.
ENISA’s Focus Areas
The NIS360 report highlights three main priorities for improving cybersecurity across Europe:
- Stronger Collaboration: Encouraging cooperation between sectors and across borders to ensure a more coordinated approach to cybersecurity.
- Clearer Sector-Specific Guidance: Developing practical steps for different industries to implement NIS2 requirements effectively. National authorities are increasing their efforts, but more investment in training and expertise is needed.
- Consistency Across Borders: Aligning cybersecurity regulations across Member States to reduce gaps and improve response times for cyber incidents.
Cybersecurity Challenges in High-Risk Sectors
ENISA identifies electricity, telecoms, and banking as the most mature and resilient sectors due to their established cybersecurity practices and regulatory oversight.
However, six sectors are falling behind, requiring urgent attention to strengthen their resilience:
- ICT Service Management – A critical part of the digital economy, but faces cybersecurity risks due to its international scope and overlapping regulations with NIS2 and DORA.
- Space Sector – Lacks strong cybersecurity foundations, relying on commercial off-the-shelf components with limited testing.
- Public Administration – Remains highly vulnerable to cyberattacks, including those linked to state actors, and requires more structured support.
- Maritime Sector – Continues to struggle with securing operational technology and would benefit from industry-specific guidance and cybersecurity drills.
- Health Sector – A high-risk target due to outdated systems, supply chain vulnerabilities, and poorly secured medical devices.
- Gas Sector – Needs better response mechanisms and stronger links with the electricity and manufacturing industries to reduce cybersecurity risks.
What Happens Next?
The NIS360 report makes it clear that cybersecurity across Europe needs continued investment and coordination. Sectors that lag behind must take decisive action to strengthen their defences, adopt better security measures, and work more closely with regulators and industry peers.
BDO Malta: Supporting Businesses in Cybersecurity
As regulatory expectations tighten, organisations must ensure they are prepared to meet NIS2 requirements. BDO Malta provides support to businesses looking to improve cybersecurity, strengthen compliance, and enhance risk management strategies.
Get in touch with BDO Malta today to discuss how we can assist your organisation in meeting NIS2 and other cybersecurity requirements.