ENISA has identified and ranked the 10 top cybersecurity threats to emerge by 2030, after engaging in an 8-month foresight exercise. With the support of the ENISA Foresight Expert Group, the CSIRTs Network and the EU CyCLONe experts, ENISA brainstormed in a Threat Identification Workshop to find solutions to the emerging challenges in the horizon of 2030.

The exercise shows that the threats identified and ranked stand as extremely diversified and still include those mostly relevant today. What we learn is that today's threats will remain to be addressed as they will have shifted in character. We also observe that increased dependencies and the popularisation of new technologies are essential factors driving the changes. Such factors add to the complexity of the exercise and thus make our understanding of threats even more challenging.

The foresight analysis is an essential tool to assess how threats are likely to evolve. The conclusions of this exercise are meant to serve as an incentive to take action.

What are the TOP 10 emerging cybersecurity threats?

• Supply chain compromise of software dependencies
• Advanced disinformation campaigns
• Rise of digital surveillance authoritarianism/loss of privacy
• Human error and exploited legacy systems within cyber-physical ecosystems
• Targeted attacks enhanced by smart device data
• Lack of analysis and control of space-based infrastructure and objects
• Rise of advanced hybrid threats
• Skills shortage
• Cross-border ICT service providers as a single point of failure
• Artificial intelligence abuse
  

Backstage: foresight techniques used in a nutshell

Performed between March and August 2022, the methodology included collaborative exploration based on the analysis of political, economic, social and technological factors also know as PESTLE analysis, threat identification and threat prioritisation workshops.

The study considered the four groups of threat actors as referred to in the ENISA Threat Landscape report and used the current threat taxonomy dividing threats into high-level categories with a specific focus on intentional threats.

In order to identify threats, experts involved in the project resorted to science fiction prototyping or SFP. SFP consists of stories allowing participants to explore a variety of futures approached by different angles. SFP is based on a future scenario derived from trends and experienced from the point of view of a fictional character.

Also used to identify threats, the threatcasting methodology draws from traditional futures studies and military strategic thinking. The idea was to infer models of future environments using research.