European Union Agency for Cybersecurity (ENISA) – Foresight Cybersecurity Threats For 2030 (Update 2024)

In 2021, European Union Agency for Cybersecurity (ENISA) developed a cybersecurity foresight methodological framework grounded in foresight research and future studies. The framework was first used in 2022 to devise future scenarios and identify threats and challenges likely to emerge by 2030. This methodology was produced in cooperation with the wider cybersecurity community.

ENISA published the executive summary of this year’s ‘Foresight Cybersecurity Threats for 2030’ presenting an overview of key findings in the top 10 ranking.

The following top ten list includes a revised line-up of the emerging cybersecurity threats to have an impact by 2030:

1. Supply Chain Compromise of Software Dependencies

2. Skill Shortage

3. Human Error and Exploited Legacy Systems Within Cyber-Physical Ecosystems

4. Exploitation of Unpatched and Out-of-date Systems within the Overwhelmed Cross-sector Tech Ecosystem [New in Top Ten]

5. Rise of Digital Surveillance Authoritarianism / Loss of Privacy

6. Cross-border ICT Service Providers as a Single Point of Failure

7. Advanced Disinformation / Influence Operations (IO) Campaigns

8. Rise of Advanced Hybrid Threats

9. Abuse of AI

10. Physical Impact of Natural/Environmental Disruptions on Critical Digital Infrastructure [New in Top Ten]

Despite a slight decline compared to past years' results in the overall score of impact and likelihood, ‘Supply Chain Compromise of Software Dependencies’ still remains the highest-ranking threat. This is considered as an after-effect of the expanding integration of third-party suppliers and partners in the supply chain, leading to new vulnerabilities and opportunities for attacks.

Read the relevant press release which ENISA issued and download the publications here.