Skip to main content
European Commission logo
Shaping Europe’s digital future
Consultation results | Publication

Summary report on the public consultation on the evaluation and review of the European Union Agency for Network and Information Security (ENISA)

The public consultation took place between 18 January and 12 April 2017. It was conducted in the context of the evaluation and review of ENISA in accordance with Article 32 of Regulation (EU) No 526/2013. A summary report of the consultation is now available. The full report will be published by the end of July 2017. The results will feed into the design and the implementation of EU policy in the area of cybersecurity, and help prepare for the future of ENISA.

Objectives of the consultation

The public consultation took place between 18 January and 12 April 2017. It was conducted in the context of the evaluation and review of ENISA in accordance with Article 32 of Regulation (EU) No 526/2013.

ENISA was set up in 2004 with the overall goal of ensuring a high level of network and information security within the EU. ENISA has since supported European institutions, Member States and the business community in addressing, responding to and preventing network and information security problems.

The results of the consultation will feed into the overarching evaluation of ENISA that aims to assess the performance of the Agency in achieving its objectives, mandate and tasks over the 2013-2016 period in accordance with the evaluation criteria set out in the EU Better Regulation Guidelines assessing the effectiveness, efficiency, coherence, relevance and EU added value of the Agency. The public consultation also aimed to contribute to a reflection on policy options for the revision of ENISA’s mandate, due to expire in 2020.

For this purpose, the consultation was structured around two sections:

  • Backward looking – ex-post evaluation of ENISA
  • Forward looking – focusing on evolving needs and challenges in the cybersecurity landscape and the possible role of an EU body to meet them in the future.

 

Who replied to the consultation?

90 replies were received, including 88 responses to the questionnaire and two position papers. The profiles that are presented below refer only to the respondents to the questionnaire.

Respondents from 19 different Member States participated in the open public consultation. The highest number of responses came from residents of Germany and Belgium (15 responses each), followed by respondents from Italy (7 responses), as presented in the figure below.

The pie chart distribution of respondents by country of origin.

More than half of the respondents to the open public consultation answered on behalf of an organisation, while just over a quarter answered in their professional capacity and almost a quarter of respondents answered in their personal capacity.

The pie chart distribution of respondents by country of origin.

The public consultation results show that, overall, the largest proportion of the respondents that answered on behalf of an organisation represented the industry sector, which included private enterprises and representative associations of the sector. Contributions from the public sector were comparatively low, though respondents representing national authorities were among the highest respondent group.

Among those who answered either on behalf of an organisation or in their individual professional capacity (68 respondents in total), the largest proportion worked in the field of cybersecurity while the rest primarily worked in telecommunications and “other” sectors focusing on advisory & research and government affairs.

Types of Organisations

% of respondents

Number of respondents

N=68

Cybersecurity

44%

30

Telecom sector

16%

11

Financial sector

7%

5

Software development

6%

4

Hardware manufacturer

3%

2

Key internet company

3%

2

Transport

3%

2

Other

16%

11
 

 

Preliminary findings of the public consultation

Backward looking

Evaluation of ENISA in the period 2013-2016

The overall performance of ENISA during the period 2013 to 2016 was positively assessed by a majority of respondents as contributing to network and information security in the EU. A majority of respondents furthermore considered ENISA to be achieving either to a great or some extent its individual objectives (namely: developing and maintaining a high level of expertise in cybersecurity; supporting cooperation in the cyber security community; supporting the development and implementation of EU policy; supporting the Member States, the EU institutions, agencies and bodies to strengthen their capability and preparedness to prevent, detect and respond to network and information security problems and incidents).

ENISA’s services and products, in particular guidelines, recommendations and reports, are regularly (monthly or more often) used by almost half of the respondents and are appreciated for the fact that they stem from an EU-level body and for their quality.

In general, ENISA’s work was considered to be coherent (i.e. take into account, do not overlap, do not conflict with), at least to some extent, with the work of other national and EU level, public and private organisations.

Forward looking

EU needs and gaps in the cybersecurity landscape in Europe and future EU priorities

Considering the evolving cybersecurity landscape and the current EU policy response, respondents most frequently referred to the following needs or gaps as being the most urgent in the cybersecurity field in the EU over the next ten years:

  • Cooperation across Member States in matters related to cybersecurity
  • Capacity to prevent, detect and resolve large scale cyber-attacks
  • Cooperation and information sharing between different stakeholders, including public-private cooperation
  • Protection of critical infrastructure from cyber-attacks

A large majority of respondents considered the current instruments and mechanisms available at EU level to be partially or only marginally adequate to address these needs.

Respondents most frequently referred to the following as the top priorities for EU action from now on in order to address the identified needs and gaps in cybersecurity in the future:

  • Stronger EU cooperation mechanisms between Member States, including at operational level
  • Stronger public-private cooperation in cybersecurity
  • Improving research to address cybersecurity challenges
  • Improving education and curricular development in cybersecurity as a top priority for EU action.

 

ENISA's role for the future

98% of respondents saw a need for an EU body to respond to the identified needs and gaps (see above) and identify ENISA as the appropriate organisation to help the EU responding to those needs and gaps.

In particular, the respondents judged that ENISA, if sufficiently mandated and resourced, could play an important role in achieving the following: 

  • Stronger cooperation between different authorities & communities
  • Stronger EU cooperation mechanisms between Member States
  • Improve capacity in Member States through training and capacity building
  • Stronger public-private cooperation in cybersecurity
  • Improving research to address cybersecurity challenges

 

Next steps

The Commission is now carrying out an in-depth analysis of the replies to the public consultation. The full synopsis report will be published by the end of July 2017. The results will feed into the design and the implementation of EU policy in the area of cybersecurity, and help prepare for the future of ENISA.

 

Contributions

Contributions received from individuals

Contributions from organisations

 

Related content

Last update

9 March 2021

Print as PDF