ENISA Threat Landscape Confirms Public Administration as Most Targeted Sector

The European Union Agency for Cybersecurity (ENISA) has published its latest threat landscape assessment, confirming that public administration was the most targeted sector across the reporting period, accounting for 38.2% of observed incidents. The finding underscores the sustained focus of threat actors — both state-sponsored and criminal — on government entities, which hold large volumes of citizen data and often operate legacy infrastructure with limited security investment.

DDoS attacks and ransomware remain the two most prevalent threat categories across Europe, consistent with trends observed in previous reporting cycles. However, ENISA's analysis highlights several evolving techniques that are shifting the threat profile. Supply-chain compromises accounted for 10.6% of observed threats, reflecting the growing exploitation of trusted vendor relationships and software dependencies to gain initial access to target environments. The agency also flags "Living Off Trusted Sites" (LOTS) as an emerging technique — where attackers use legitimate cloud services and platforms to host malicious payloads, exfiltrate data, or establish command-and-control channels, making detection significantly more difficult.

The report devotes particular attention to the role of artificial intelligence in the threat landscape. ENISA notes that AI is being used by threat actors to improve the quality and personalisation of phishing campaigns, generate polymorphic malware that evades signature-based detection, and automate reconnaissance of target environments. While AI-driven attacks have not yet reached the scale that some forecasts have predicted, the agency's assessment is that the trajectory is clear and that defensive capabilities must evolve accordingly.

For organisations in both the public and private sectors, the ENISA assessment reinforces the need for layered defences that go beyond perimeter security: network segmentation, zero-trust architectures, continuous monitoring, and — critically — the ability to detect and respond to incidents that originate through trusted third parties rather than direct intrusion.

Acompli perspective: ENISA's findings map directly onto the compliance obligations that organisations are already navigating. Supply-chain threats demand robust third-party risk management. The prominence of ransomware and DDoS reinforces the need for tested breach response procedures backed by accurate data mapping. And the growing use of AI by threat actors is a reminder that risk assessments must account not only for current threats but for the tools and techniques that are demonstrably emerging.