{"id":222571,"date":"2026-05-28T08:07:00","date_gmt":"2026-05-28T12:07:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/28\/nis360-the-bigger-picture-on-maturity-and-criticality-of-nis-critical-sectors\/"},"modified":"2026-05-29T14:35:31","modified_gmt":"2026-05-29T18:35:31","slug":"nis360-the-bigger-picture-on-maturity-and-criticality-of-nis-critical-sectors","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/28\/nis360-the-bigger-picture-on-maturity-and-criticality-of-nis-critical-sectors\/","title":{"rendered":"NIS360: The bigger picture on maturity and criticality of NIS critical sectors"},"content":{"rendered":"<p><a href=\"https:\/\/www.enisa.europa.eu\/news\/nis360-the-bigger-picture-on-maturity-and-criticality-of-nis-critical-sectors\">NIS360: The bigger picture on maturity and criticality of NIS critical sectors<\/a><\/p>\n<p><a href=\"https:\/\/www.enisa.europa.eu\/news\/nis360-the-bigger-picture-on-maturity-and-criticality-of-nis-critical-sectors\">https:\/\/www.enisa.europa.eu\/news\/nis360-the-bigger-picture-on-maturity-and-criticality-of-nis-critical-sectors<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-28 08:07:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.enisa.europa.eu\">www.enisa.europa.eu<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. The ENISA NIS360 aims to work as an annual assessment tool supporting national authorities, policymakers and other stakeholders in assessing the cybersecurity maturity and criticality of high criticality sectors under the NIS2 Directive.<br \/>\nENISA Executive Director,\u00a0Juhan Lepassaar, said:\u00a0\u201cThe findings of this NIS360 report provide grounds to be optimistic. The implementation of the comprehensive EU cybersecurity regulatory framework, and particularly NIS2, has brought significant improvements. ENISA stands for prioritising cybersecurity and advancing the implementation of EU policies, which are vital now more than ever, to enhance the cyber resilience of our critical infrastructure and societies.\u201d.<\/p>\n<p>The report has a comprehensive approach, where each sector is understood to comprise relevant actors (i.e., national authorities, entities, EU bodies) and applicable rules (EU legislation).\u00a0In this regard, a sector\u2019s maturity under the NIS360 is determined by: legislation and its effectiveness, companies and their preparedness, authorities and their institutional capacity, and sectoral ecosystem structures and their effectiveness.<br \/>\nThe assessment relies on a structured methodology developed and continuously refined by ENISA that takes into account the structural and gradually evolving nature of sectoral cybersecurity maturity and criticality. It also builds on evidence gathered over time from organisations operating within the in-scope sectors, national authorities supervising those organisations, but also EU-level data, to reflect our latest evidence-informed understanding of where each sector stands.\u00a0<br \/>\nAs a result, the NIS360 provides both a comparative overview of sectors and a more detailed analysis per sector to help identify gaps and prioritise resources.\u00a0<br \/>\nDefining the Risk Zone<\/p>\n<p>A combination and joint interpretation of the criticality and maturity dimensions helps identify areas where mismatches exist between the two and define a risk zone.\u00a0<br \/>\nThe risk zone includes sectors with lower-than-average maturity and criticality that exceeds their maturity. This year\u2019s risk zone includes health, railway, maritime, ICT management service, space, public administrations, drinking and waste water.\u00a0<br \/>\nIts composition changes over time as overall maturity improves across sectors.\u00a0This explains why three sectors \u2014 railway, drinking water, and waste water \u2014 previously at the risk zone boundary, are now within the risk zone. A positive development is that the gas sector has started moving out of the risk zone.<br \/>\nSuch shift is driven by improved information sharing, stronger collaboration, and better implementation of risk management measures, leading to higher maturity.<br \/>\nDeep-dive on criticality<br \/>\nWhile criticality of the sectors is defined by NIS2, the NIS360 assessment ranks the sectors taking into account several elements, such as systemic relevance, exposure, and impact of disruption. As these factors typically change gradually, criticality scores tend to remain relatively stable from year to year.\u00a0<br \/>\nIn this year\u2019s edition, sectors such as banking, electricity, aviation, space, and digital-by-default services (including telecommunications, cloud, and data centres) remain the most critical.<br \/>\nSpace has joined this group this year, reflecting its growing role in society and across other sectors, which increases dependency, impact, and time criticality. The railway sector increased in criticality due to its growing role in military logistics, and the heightened cyber threat exposure.\u00a0<br \/>\nSpotlight on maturity\u00a0<br \/>\nMaturity is measured by how effectively and consistently the sector manages cybersecurity risks and capabilities over time, meaning the overall preparedness of the sector. Since the previous edition of this report, cybersecurity maturity across EU critical sectors seems to be steadily improving as organisations respond to the evolving policy requirements and to the cyber threats they face.\u00a0<br \/>\nThree sectors, including trust services, aviation, and financial market infrastructures (FMIs) moved into the high maturity band. In addition, four sectors strengthened their maturity within the moderate band: gas, road, maritime, and health.\u00a0<br \/>\nThis improvement is often driven by several compounding factors including developments in cybersecurity legislation, increased political attention, but also progress across specific maturity dimensions assessed. Particularly, on cybersecurity legislation, findings of the 2025 ENISA NIS Investments study also suggest that it has acted as a key driver for cybersecurity investment and has encouraged organisations to strengthen their cybersecurity posture.<br \/>\nDespite maturity steadily improving across critical sectors, progress still remains uneven both across and within sectors. A number of factors contribute to these variations including skill shortages, sector-specific characteristics and even organisational size.<br \/>\nMoving forward<br \/>\nIn the future, it is anticipated that cybersecurity legislation and organisations\u2019 efforts to strengthen their cybersecurity maturity will continue to prompt cybersecurity investment and drive preparedness, leading to more sectors moving out of the risk zone.<\/p>\n<p>\u00a0<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NIS360: The bigger picture on maturity and criticality of NIS critical sectors https:\/\/www.enisa.europa.eu\/news\/nis360-the-bigger-picture-on-maturity-and-criticality-of-nis-critical-sectors Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":222572,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.enisa.europa.eu\/sites\/default\/files\/inline-images\/image_6.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-222571","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222571"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=222571"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222571\/revisions"}],"predecessor-version":[{"id":222573,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222571\/revisions\/222573"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/222572"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=222571"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=222571"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=222571"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}