Supply Chain Attacks Top Cyber Threat for 2030 – ENISA

The European Union’s leading cybersecurity agency predicts that ‘Supply Chain Compromise of Software Dependencies’ will be the most prominent cyber threat in 2030


Software supply chain attacks are the most concerning threat EU organizations could face in 2030, according to the European Union Agency for Cybersecurity’s (ENISA’s) 2024 update of its Foresight 2030 Threats.


For the second year in a row, ‘Supply Chain Compromise of Software Dependencies’ was the highest-ranking threat in the European cybersecurity agency’s predictive report, published in March 2024.


This is despite a decline in the threat’s overall impact and likelihood score compared to past years’ results.


“More integrated components and services from third-party suppliers and partners could lead to novel and unforeseen vulnerabilities with compromises on the supplier and customer side,” ENISA wrote in the updated report.


The agency estimates that this threat could come from both nation-state and cybercriminal groups, which are likely to conduct sabotage, theft, and network reconnaissance campaigns as well as inject malicious code into commodity software.


This threat’s potential impact ranges from data leakage and loss to malfunction and disruption.


Human Error, Legacy Systems Still Top Threats


The top three also remain untouched compared to 2024’s ranking, with ‘Skill shortage’ as the second most prominent threat and ‘Human Error and Exploited Legacy Systems Within Cyber-Physical Ecosystems’ as third.


However, a new threat, ‘Exploitation of Unpatched and Out-of-date Systems within the Overwhelmed Cross-sector Tech Ecosystem,’ has been added to the top five.


Top ten ENISA cyber threats for 2030:


  1. Supply Chain Compromise of Software Dependencies
  2. Skill Shortage
  3. Human Error and Exploited Legacy Systems Within Cyber-Physical Ecosystems
  4. Exploitation of Unpatched and Out-of-date Systems within the Overwhelmed Cross-sector Tech Ecosystem (New)
  5. Rise of Digital Surveillance Authoritarianism / Loss of Privacy
  6. Cross-border ICT Service Providers as a Single Point of Failure
  7. Advanced Disinformation / Influence Operations (IO) Campaigns
  8. Rise of Advanced Hybrid Threats
  9. Abuse of AI
  10. Physical Impact of Natural/Environmental Disruptions on Critical Digital Infrastructure (New)


AI and Deepfake-Related Threats Looming


Other cyber threats cited in ENISA’s report that do not make the top ten include ‘Manipulation of Systems Necessary for Emergency Response,’ ‘Tampering with Deepfake Verification Software Supply Chain’ and ‘AI Disrupting/Enhancing Cyber-Attacks.’


The first edition of ENISA’s Foresight 2030 Threats report was published in 2023.


The agency uses this report to increase awareness of future threats and countermeasures amongst its stakeholders in member states and EU institutions, bodies, and agencies (EUIBAs), in line with the institution’s sixth strategic objective, ‘Foresight on Emerging and Future Cybersecurity Challenges.’


The ranking is the result of ENISA’s research, which follows an in-house cybersecurity foresight methodological framework grounded in foresight research and future studies.


This framework was developed in 2021 in collaboration with the Ad-Hoc Working Group, which includes futurists, sociologists, forecasters, and foresight experts.


Source: ENISA
