Skip to main content
ENISA NIS Investments

Report

ENISA NIS Investments

Read report

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to
achieving a high common level of cybersecurity across Europe.

This report marks the third iteration of ENISA's NIS Investments report, which collects data on
how Operators of Essential Services (OES) and Digital Service Providers (DSP) identified in the
European Union’s directive on security of network and information systems (NIS
Directive)1 invest their cybersecurity budgets and how this investment has been influenced by
the NIS Directive. In addition, global cybersecurity market trends are presented through Gartner security data and insights observed globally and in the EU, in order to provide a better
understanding of the relevant dynamics.


This year's report presents data collected from 1080 OES/DSPs from all 27 EU Member
States and can now provide a historical dataset that allows for year-on-year comparison and
identification of trends. Moreover, sectorial deep dives were conducted for the Energy and
Health sectors.


Overall, a number of absolute values, such as IT and Information Security (IS) budgets or %
of IT budgets spent on IS seem to be significantly lower compared to last year. This can
be attributed to the composition of the survey sample and to the higher representation of OES
from the Energy and Health sectors due to the sectorial deep dives, but also to the
macroeconomic environment, such as the COVID-19 impact on the respective budgets.