Imagine a shadowy forum where different malicious groups, from cybercriminals to state-aligned spies and political hacktivists, are all sharing their best tools and tactics. That’s the chilling reality unveiled in the ENISA Threat Landscape 2025 (ETL 2025) report. It’s not just about more incidents; it’s about a convergence. Threat actors with different motivations are now using the same playbook, exploiting the same weak doors at an unprecedented industrial scale.
As European Cybersecurity Month begins, the ETL 2025 isn’t just a report; it’s a critical and immediate warning. It’s the essential intelligence you need to understand the new coordinated strategy against your organisation, how these groups are getting in, and how you can use this month to finally build defences that address this unified threat.
This is your cue to move from awareness to action, securing your journey toward NIS2 compliance before the convergence hits home.
Why ‘Convergence’ Changes Everything
The most striking feature of ETL 2025 is the blurring line between threat actors. Whether they are state-aligned, hacktivists or pure cybercriminals, they are increasingly using the same Tactics, Techniques and Procedures (TTPs).
This means:
- Defences must evolve: Defences that worked against one kind of threat may now be less effective, because the threat is morphing.
- Proactive Resilience is mandatory: Investment in security can’t just be reactive. You need proactive resilience, spanning across people, process and technology.
Key Findings from ETL 2025: The New Threat Landscape
Here are the most important trends from ENISA’s analysis and why they should drive your awareness activities this month:
| Threat Trend | The ENISA Data | Why It Matters to You |
|---|---|---|
| Hacktivism & DDoS Dominance | Around 77% of reported incidents were DDoS attacks, mostly by hacktivists. | Shows how even low-impact incidents consume resources and erode customer trust. DDoS readiness is mandatory. |
| Ransomware: Highest Impact Threat | Ransomware may not be the most frequent, but it remains the most impactful threat, causing substantial data loss and operational downtime. | The damage from one successful attack can potentially put a critical entity out of business. |
| Phishing & Vulnerability Exploitation | Phishing (vishing, malspam) accounts for approximately 60% of intrusions, with vulnerability exploitation next (21.3%). | Prevention must start with employee training and patch hygiene. |
| AI Being Weaponised | Growing use of AI to scale phishing and social engineering, plus new exposure points in the AI supply chain. | LLMs lower the barrier to entry for attackers and create new internal blind spots. |
| Sectoral Targets & NIS2 Focus | Public administration is the top target (38.2%), followed by transport, digital infrastructure, finance and manufacturing. Over half of incidents concern entities covered by NIS2. | If you are an “Essential” or “Important” entity, the alarm bells should be deafening. |
The Real Risk for EU Organisations
If you run or manage any critical digital infrastructure (public administration, transport, finance, manufacturing, etc.) or are bound by regulations like NIS2, ENISA’s findings should ring alarm bells. The convergence trends translate into four core risks:
- Increased Attack Surface: A vulnerability in one third party service can now ripple widely, given the surge in abuse of cyber dependencies.
- Reputation Damage: Repeated incidents, even small DDoS attacks, cost customer trust and cause significant resource strain.
- Regulatory & Legal Risk: Failing to comply with NIS2 (or equivalent) means not just penalties, but increased legal liability and potential loss of contracts.
- Resource Strain: Repeated incidents, even small ones, eat into budget, person hours and distract from strategic work.
Your Cybersecurity Awareness Month 5 Point Action Plan
To stay ahead of these convergent threats, use this October as a mandate to drive these concrete, prioritised measures across your organisation:
1. Strengthen Phishing Defences and MFA (People)
Phishing is the number 1 attack vector. Focus your awareness campaign here.
- Regular, role-specific training (especially for executive and admin staff).
- Simulated phishing tests that reflect the new AI-enhanced social engineering.
- Implement Multi-Factor Authentication (MFA).
2. Patch and Manage Vulnerabilities Proactively (Technology)
Vulnerability exploitation is the number 2 vector. Your patch hygiene must be impeccable.
- Maintain an inventory of all systems, software and third-party dependencies.
- Ensure timely patching, especially for known critical vulnerabilities listed in ENISA’s European Union Vulnerability Database (EUVD).
- Monitor third party suppliers for their security status.
3. DDoS Readiness & Resilience Drills (Process)
Convergence means more attackers can deploy Distributed Denial of Service (DDoS) attacks.
- Ensure capacity and mitigation solutions are in place.
- Test your Incident Response Plan to cover DDoS scenarios, focusing on rapid communication and service failover.
- Consider redundancy for critical services.
4. AI Risk Oversight (Strategy)
Manage the risk AI introduces into your organisation.
- Review all usage of Large Language Models (LLMs) and AI tools in your workflows and assess potential exposures (e.g., social engineering, prompt injection attacks).
- Vet vendors supplying AI systems by checking their security posture and data handling practices.
5. Align with Compliance & Regulation (Governance)
Over 50% of incidents target NIS2 entities. Use the report as justification for compliance efforts.
- Map which parts of your organisation are “Essential Entities” or “Important Entities” under NIS2.
- Conduct risk assessments as required by the Directive.
- Implement formal governance and reporting mechanisms to align with new regulations.
The ETL 2025 report makes one thing crystal clear: cyber threats in the EU are growing more frequent and more aligned. That means your organisation can’t afford to lag in its security posture.
Whether you’re in public administration, infrastructure, finance or other regulated sectors, now is the time to take targeted action. Don’t just make it a month of awareness, make it a month of actionable resilience.
Don’t get caught off guard. Contact our expert team at Secora Consulting for a free consultation to discuss your specific cybersecurity needs.