Hi All,
The present report provides anonymised and aggregated information about major telecom security incidents that happened in 2022. Security incident reporting is a hallmark of EU cybersecurity legislation. It is an important enabler of cybersecurity supervision and a support tool for policymaking at the national and EU levels.
In the European Union, telecom operators notify significant security incidents to their national authorities. At the start of every calendar year, the national authorities send a summary of these reports to ENISA. The European Electronic Communications Code (EECC 2018/1972) reinforces the provisions (1) for reporting incidents, clarifying what incidents fall within its scope (2), as well as the technical guidelines (3) and the notification criteria. ENISA offers an online visual tool for analysing incidents, which can be used to generate custom graphs, available on https://ciras.enisa.europa.eu.
Key findings in 2022 summary report
The 2022 annual summary contains reports of 155 incidents submitted by national authorities from 26 EU Member States and two European Free Trade Association countries.
In 2022, 11 209 million user hours (4) were lost in total, compared to 5 106 million in 2021. This is clearly a much higher number compared to previous years, as we can see in Figure 1. The reason for this is the important increase of incident reports related to Over-The-Top (OTT) services, a recent metric taken on board in the cybersecurity incident-reporting and analysis system since 2021.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------