The European Union Agency for Network and Information Security (ENISA) said of the 169 incidents reported by NRAs in each of the 28 EU member states, 51% impacted mobile telephony and internet. These have the biggest impact on users, with around half a million users per incident impacted.
Most incidents reported were caused by system failures (62% of the incidents) as a root cause. Often these are hardware failures or software bugs. Human error (18%) and natural phenomena (17.2%) also had a high impact.
Interestingly malicious actions accounted for just 2.5% of the incidents, down from 5.1% in 2016. This has trended below 10% across multiple years, ENISA said.
In 7% of incidents reported there was an impact on interconnections between providers. Compared to 2016 this figure was stable.
Telecoms companies in the EU have to report significant security incidents to their respective national regulators in the 28 EU states, plus Norway and Switzerland. These are then compiled by ENISA for its annual report. These incidents include causing disruptions to fixed and mobile telephony and internet access and other services.
Udo Helmbrecht, director of ENISA, says: “Security breach reporting is a hallmark of EU cybersecurity legislation. Breach reporting is important for national regulators and for policy makers, because it reveals information about the actual number of security incidents, their impact, and trends.
“ENISA looks forward to the adoption of the new European code for electronic communications, which broadens the scope of supervision and is necessary in the context of a fast-changing landscape of electronic communications.”
Mandatory security reporting was first introduced in 2009, with ENISA collecting and aggregating the data since 2012. Over the even years it has reported the figures, it has found that system failures have dominated as the root cause of most reported incidents, making up for between 60-70% per year.
The impact of natural phenomena has been trending upwards, with factors such as heavy storms, heavy floods, or wildfires all impacting telecoms infrastructure. ENISA said the upward trend is “likely to increase due to climate change” meaning that “natural phenomena will continue to be a concern for the EU telecom sector”.
22 member states and two EFTA countries reported incidents, with six countries saying they had experienced no significant incidents. There was a slight increase in the total number of incidents, from 158 in 2016 to 169 in 2017.