Study on CSIRT landscape and IR capabilities in Europe 2025
This ENISA study details trends about the recent and current evolution of CSIRTs and Incident Response (IR) capabilities in Europe towards 2025 at a strategic and policy level. As stressed in the 2016 Directive concerning measures for a high common level of security of network and information systems across the Union (NIS Directive), CSIRTs play a vital role in cyber resilience in a context of increasing dependency on digital infrastructures. They perform an important function throughout the crisis management process, from identifying security incidents, protecting organisations against attacks, disseminating information on threats and recovering from incidents. The analysis framework included the following aspects: Technology trends Legal and regulatory landscape Actors at the policy, strategic and operational levels Changing threat environment. These trends and findings were identified by mapping new and less visible CSIRTs recently created and byinvestigating policies across Europe and their impact outside Europe. Eighty-one (81) new CSIRTs were identified and a corpus of 36 policy, regulatory, and strategic documents related to the development of cyber incident response capabilities were analysed.