The Threat Landscape published by the European Union Agency for Cybersecurity (ENISA) provides a valuable compass for navigating the field, helping distinguish mere “background noise” from what truly matters to protect companies and digital infrastructures.
What is ENISA?
ENISA can be imagined as a sort of “European cybersecurity consultant.” The acronym stands for the European Union Agency for Cybersecurity, the European Union agency responsible for strengthening cybersecurity across the continent. On one side, it analyzes threats and publishes reports (such as the Threat Landscape); on the other, it supports institutions, companies, and citizens in improving their digital defenses. Its work does not stop at research: it contributes to drafting regulations, coordinates responses to major incidents, proposes operational guidelines, and promotes collaboration among Member States.
ENISA Threat Landscape 2025
The Threat Landscape 2025 was published on October 1st, 2025, marking the official launch of Cybersecurity Month together with the European Commission. It is an 87-page report offering a clear picture of the cybersecurity threat ecosystem in Europe, covering the period from July 2024 to June 2025 and based on approximately 4,900 selected incidents.
The message is quite direct: to truly protect companies, attention must focus above all on phishing, which alone accounts for about 60% of intrusions.

What is Meant by Phishing?
Phishing is the most widespread and unfortunately the most effective intrusion vector, because it exploits not so much technology as people’s trust. A highly skilled hacker is not required: a well-written message that appears legitimate is often enough to convince someone to click, enter a password, or download a malicious file.
Over the years, it has evolved into several variants that are important to understand in order to protect companies.
- Phishing (classic, via email): an email that appears to come from a trusted source such as a bank, a courier, or even a colleague, but actually contains malicious links or attachments. This risk should not be underestimated, as artificial intelligence makes these emails increasingly convincing.
- Quishing (via QR code): a recent and particularly insidious variant. A QR code is provided (via email, on a flyer, or within a document) that leads to a counterfeit website designed to steal credentials.
- Spearphishing (targeted): here the attack is crafted specifically for the company. The attacker gathers information and prepares a credible, personalized message, for example by impersonating a supplier or partner.
- Smishing (via SMS): same principle as traditional phishing, but via SMS. A classic example: a message announcing a package delivery with a link to click.
- Vishing (via voice): in this case, the scam happens over the phone, with a caller posing as a bank operator, IT support, or even an authority. The goal is to persuade the victim to share sensitive information such as passwords or access codes.
Incidents by Sector
Looking at the number of cybersecurity incidents in Europe between 2024 and 2025, the public sector tops the list with 38.2%. It is followed by transport, digital infrastructure, finance, and manufacturing with much lower percentages.

The Transport Sector Under Attack in Italy
In March 2025, we saw a very concrete example of what a cyberattack can cause. A supplier managing the ticketing platform of several Italian transport companies suffered a data breach, leading to two days of complete platform outage and leaving thousands of commuters in difficulty. The same campaign also targeted the app and subscription portal of Busitalia Veneto, as well as the ATM Milano company.
Cybersecurity Trends
The phishing risk must be taken very seriously, while public administration (with France and Italy leading in number of incidents) and the transport sector remain among the sectors most targeted by cybercriminals.
What other trends emerge from the Threat Landscape?
- DDoS attacks launched by “hacktivists” (groups attacking systems for ideological reasons) dominate in volume, representing 76.7% of incidents.
- Ransomware (83.5%) remains the most impactful threat.
- Cyberthreats are most often propagated through mobile devices (42.4%).



