European Union Agency for Cybersecurity (ENISA) – Best Practices for Cyber Crisis Management

April 24, 2024

The European Union Agency for Cybersecurity (ENISA) published a study on ‘Best Practices for Cyber Crisis Management’ that assists in preparation for crisis management.


The geopolitical situation continues to impact the cyber threat landscape also within the European Union. Planning for expected or unexpected threats and incidents is vital for good crisis management.


The study outlines the framework and circumstances with cyber crisis scenarios and proposes a series of best practices that will enable the transition into the new requirements of NIS2 Directive, the EU-wide legislation on cybersecurity. The study aims to bring a heterogeneous ecosystem towards stronger harmonisation. The proposed best practices are clustered into the four phases of the cyber crisis management cycle (prevention, preparedness, response and recovery) and refer to issues arising during each stage with an all-hazards approach.


The study was conducted for the EU Cyber Crisis Liaison Organisation Network (CyCLONe). Under NIS2 Directive, ENISA's mandate has a role as the secretariat for Cyber Crises Liaison Organisation Network (EU CyCLONe), a network dedicated to enhance Member States' national authorities’ cooperation in cyber crisis activities and management. The network collaborates and develops information sharing and situational awareness based on the support and tools provided by ENISA. The network is chaired in turns by a representative from the Presidency of the Council of the EU.


Read the relevant press release which ENISA issued and download the study here.