The latest sectorial report from the European Union’s cyber agency ENISA provides an overview of threats to public administration. It finds central governments were the most targeted, accounting for 69 per cent of incidents, notably against the websites of parliaments, ministries and national authorities. Distributed Denial-of-Service (DDoS) attacks accounted for 60pc of incidents.
Volume
Hacktivist activities remain the most prevalent in terms of volume of cyber-attack. In 2024, hacktivists accounted for nearly 63pc of incidents, while cybercrime operators and state-nexus intrusion represented about 16pc and 2.5pc, respectively. Phishing is still a common initial access vector.
NIS2
In the EU, the public administration sector is among those covered by the NIS2 Directive (short for Network and Information Security) which came into effect replacing an earlier directive in 2023. Its aim; to achieve a common level of cybersecurity across EU member states.
ENISA Executive Director Juhan Lepassaar said: “Cyber-securing public administrations is central to citizens’ welfare and to the good functioning of the single market across the EU. Public administrations provide reliable and effective public services, so it is essential to ensure a high-level of cybersecurity within their wider network of national, regional and local bodies.”
Last month ENISA released its Threat Landscape 2025, that also reported DDoS attacks as the dominant incident type.
Comment
James Neilson, SVP International at OPSWAT, said: “With rising geopolitical tensions and conflicts, public administration is a popular target for attackers, especially hacktivists and nation-state groups. Cyberattacks are a highly effective method of conducting espionage or causing instability by disrupting vital services on which a nation’s citizens depend, with a low degree of attribution risk. The challenge for government departments is that they often have complex networks containing a mixture of legacy systems and supply chains on which they are reliant. Entities such as healthcare and defence, which fall under public administration, contain a significant number of OT systems within their environments.
“It’s clear from ENISA’s report that attackers are targeting operational and service availability when they attack governments. Therefore, it’s essential that security strategies focus on protecting uptime. IT systems, internet connectivity, and transient devices are major attack surfaces and can even be used to infiltrate OT systems. It’s critical that organisations isolate critical systems and have back-ups in place so that essential services remain online. Security teams should also focus on strengthening their cyber hygiene, enforcing zero-trust access, and investing in proactive threat prevention.”
