ENISA, the European Union Agency for Network and Information Security, issued its Annual Incidents Report 2012. The report has been issued under Article 13a of the Common Regulatory Framework Directive (1009/140/EC) for electronic communications networks and services. The report highlights that 18 European Union countries reported 79 significant incidents during 2012. Only 9 countries reported no significant incidents.

Nearly 50% of incidents reported related to mobile telephony and the internet, which affected about 1.8 million users per incident. Over 75% of the incidents were reported as “system failures” with hardware being the most common followed by software issues. Only 6% of the incidents were attributed to cyberattacks with the internet, followed by fixed telephony, being the most affected. Cyberattacks accounted for the second biggest cause of internet issues behind hardware failures.

The report contains several examples of the types of incidents reported, some of which were related to hardware failures or configuration failures. Some notable incidents related to theft of fibre optic cables, vandalism by a former employee and distributed denial of service attacks.

ENISA’s report concludes that the proposal for a cybersecurity Directive contains a similar reporting requirement to the existing Framework Directive. ENISA supports reporting as a method of assisting the European Union and Member States to improve the security and resilience of electronic communications networks.