The European Union’s cybersecurity agency, ENISA, has published a new sectorial threat landscape report and a press release showing that public administrations are increasingly targeted by cyber-attacks, with DDoS emerging as the most common threat. Public administration, classified as highly critical under the NIS2 Directive, delivers essential services such as education, healthcare, transportation, and government functions. This makes the sector a high-value target, and for network engineers, it signals the importance of revisiting DDoS mitigation and monitoring strategies.
ENISA analysed 586 publicly reported cyber incidents across EU Member States in 2024. Public administration accounted for around 38% of all incidents, more than any other sector. Within the sector, central government entities were hit the hardest, representing roughly 69% of incidents, while local and regional authorities made up about 24% and 7%, respectively. DDoS attacks were responsible for approximately 60% of all incidents affecting public administration, making them the dominant threat. While most attacks were short-lived and did not directly disrupt services, their frequency and timing—particularly during July and December—create an ongoing risk profile for public-facing services.
Hacktivist activity drove the majority of these attacks, accounting for nearly 63% of incidents, while cybercrime operators were responsible for around 16%, and state-linked actors for 2.5%. The motivations behind hacktivist campaigns are often ideological rather than financial, aiming to cause disruption or attract attention. This pattern can influence how network teams configure detection thresholds, monitor traffic, and respond to application-layer floods or short, repeated bursts of traffic. Data-related incidents, including breaches and exposures, were less common but carried a higher impact. Data breaches accounted for about 17% of incidents, and exposures roughly 1%. Even though ransomware and cyberespionage events were observed less frequently, their potential disruption to critical services, such as e-ID systems, tax portals, and court scheduling, highlights the importance of layered cybersecurity strategies.
ENISA recommends strengthening architectural resilience by placing critical portals behind content delivery networks or web application firewalls with always-on protection and publishing static fallback pages with DNS failover. Redundancy across service providers is also crucial to prevent a single point of failure. Operational preparedness is equally important. Public administration teams should maintain incident response plans, including contacts for ISPs and cloud providers, and run exercises to test how cascading failures could affect multiple agencies. Collaboration and intelligence sharing with national CERTs and other agencies can help identify emerging threats and anticipate coordinated campaigns.
For FastNetMon users, these findings reinforce the value of real-time traffic monitoring and automated alerts. While public sector DDoS attacks are often short, having visibility into abnormal traffic patterns, a clear response playbook, and a community to share detection rules can reduce downtime and improve mitigation speed. Integrating these practices helps ensure that public services remain available even under repeated attack attempts.
The 2025 ENISA report confirms that public administrations in the EU are likely to remain among the most targeted sectors in the short-to-mid term. Network engineers and security teams must focus on resilience, detection, and collaboration to protect critical services and maintain citizen trust. Ensuring telemetry coverage, fallback site readiness, and well-practiced response plans is essential in this evolving threat landscape.
About FastNetMon
FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats.
For more information, visit https://fastnetmon.com