Gogou, Vassiliki
Trust Services Security Incidents 2020 : Annual report : July 2021 / Vassiliki Gogou, Marnix Dekker and Eleni Vytogianni, European Union Agency for Cybersecurity .-- [S.l.] : ENISA, 16 July 2021 .-- 19 p. : gráf. ; 1 documento PDF
This report provides an aggregated overview of the notified breaches for 2020, analysing root causes, statistics and trends. Marks the fifth round of security incident reporting for the EU’s trust services sector. In this round of annual summary reporting a total of 27 EU countries and 2 EFTA countries took part. They reported a total of 39 incidents.
This report concludes that: 1) A steady increase in notified incidents: in 2020 notified incidents increased by around 18%, suggests that authorities and TSPs are becoming more familiar with the breach reporting process and their obligations under eIDAS.
2) The number of incidents with a large impact has dropped: in 2020 only 3 incidents
were characterized as having had a “large impact” as opposed to 2019 when 10 such incidents had been reported
3) Τhe ratio of reported incidents concerning qualified and non-qualified trust services
remains high: in 2020, 69% of total incidents had an impact on qualified trust services
compared to approximately 33% of incidents reported on non-qualified trust services 4) The impact on subservices is mainly divided between certificate management (47% of the incidents) and certificate generation (42% of the incidents).
5) Approximately 66% (26 incidents) of the reported incidents were rated as minor
compared to 2019 when 60% (19 incidents) were rated as having had only a minor
impact. Only one incident had a very large (disastrous) impact, and only three incidents
had a large impact. Furthermore, a significant increase in minor incidents has been
observed, indicating that the incident reporting mechanism has become more familiar to
the providers and they are reporting more incidents regardless of their severity.
978-92-9204-511-1
10.2824/277632 DOI
Ciberseguridad y confianza
data security
ensuring security
online privacy
trust
Vytogianni, Eleni
Dekker , Marnix
European Union Agency for Cybersecurity
Trust Services Security Incidents 2020 : Annual report : July 2021 / Vassiliki Gogou, Marnix Dekker and Eleni Vytogianni, European Union Agency for Cybersecurity .-- [S.l.] : ENISA, 16 July 2021 .-- 19 p. : gráf. ; 1 documento PDF
This report provides an aggregated overview of the notified breaches for 2020, analysing root causes, statistics and trends. Marks the fifth round of security incident reporting for the EU’s trust services sector. In this round of annual summary reporting a total of 27 EU countries and 2 EFTA countries took part. They reported a total of 39 incidents.
This report concludes that: 1) A steady increase in notified incidents: in 2020 notified incidents increased by around 18%, suggests that authorities and TSPs are becoming more familiar with the breach reporting process and their obligations under eIDAS.
2) The number of incidents with a large impact has dropped: in 2020 only 3 incidents
were characterized as having had a “large impact” as opposed to 2019 when 10 such incidents had been reported
3) Τhe ratio of reported incidents concerning qualified and non-qualified trust services
remains high: in 2020, 69% of total incidents had an impact on qualified trust services
compared to approximately 33% of incidents reported on non-qualified trust services 4) The impact on subservices is mainly divided between certificate management (47% of the incidents) and certificate generation (42% of the incidents).
5) Approximately 66% (26 incidents) of the reported incidents were rated as minor
compared to 2019 when 60% (19 incidents) were rated as having had only a minor
impact. Only one incident had a very large (disastrous) impact, and only three incidents
had a large impact. Furthermore, a significant increase in minor incidents has been
observed, indicating that the incident reporting mechanism has become more familiar to
the providers and they are reporting more incidents regardless of their severity.
978-92-9204-511-1
10.2824/277632 DOI
Ciberseguridad y confianza
data security
ensuring security
online privacy
trust
Vytogianni, Eleni
Dekker , Marnix
European Union Agency for Cybersecurity