Top 10 cybersecurity threats for 2030 according to ENISA
Analysis of the ENISA Foresight 2030 report: 10 most significant cybersecurity threats for the coming decade - from software supply chain compromise and AI-enabled attacks to legacy system exploitation.
Łukasz Drążek 
ENISA (European Union Agency for Cybersecurity) published an updated version of its “Foresight Cybersecurity Threats for 2030” report in 2024 - an analysis of the most significant threats that organizations and societies will face through the end of the decade. The report was developed through expert workshops, analysis of technological and geopolitical trends, and a review of existing forecasts.
Unlike the annual ENISA Threat Landscape, which describes the current threat landscape, the Foresight report looks ahead - identifying trends that are visible today as signals but may become dominant attack vectors within a few years.
10 threats - overview
ENISA identified ten threats ranked by assessed risk level:
| Rank | Threat | Trend (vs 2023) |
|---|---|---|
| 1 | Software supply chain compromise | Rising |
| 2 | Advanced disinformation campaigns | Rising |
| 3 | Rise of digital surveillance authoritarianism | Stable |
| 4 | Loss of privacy in the data-driven world | Rising |
| 5 | Targeted cross-sector supply chain attacks | Rising |
| 6 | Advanced hybrid threats | Rising |
| 7 | Cybersecurity skills shortage | Rising |
| 8 | Exploitation of unmanaged and legacy systems | Stable |
| 9 | Cyberattacks on physical infrastructure | Rising |
| 10 | Abuse of artificial intelligence | Rising |
Analysis of selected threats
1. Software supply chain compromise
The SolarWinds Orion attack (2020) was the warning. Attacks on Kaseya (2021), 3CX (2023), and PyPI/npm (ongoing) confirm that supply chain compromise is not a one-time incident but a systemic attack vector.
ENISA predicts that by 2030:
- Attacks on open-source package repositories (npm, PyPI, Maven) will become routine
- Compromise of CI/CD tools (GitHub Actions, GitLab CI, Jenkins) will be a primary attack vector against organizations using DevOps
- Manipulation of IoT/OT device firmware updates will become a realistic scenario
WARNING
The software supply chain is not just code. It also includes build infrastructure (build systems), code-signing certificates, artifact repositories, and deployment tools. Every element is a potential point of compromise.
5. Targeted cross-sector supply chain attacks
This extends threat #1 to supply chains connecting different sectors - when an IT provider compromise affects the energy sector, when an attack on a logistics provider paralyzes the healthcare sector. ENISA points out that growing cross-sector interdependence creates a cascading effect where an incident in one sector propagates to others.
A 2024 example: the attack on Change Healthcare (IT/healthcare sector) paralyzed billing at thousands of medical facilities in the US. An IT provider became a single point of failure for the entire healthcare sector.
7. Cybersecurity skills shortage
(ISC)2 estimates the global cybersecurity skills gap at 3.4 million professionals (2024). ENISA predicts the problem will deepen:
- Growing IT/OT/cloud infrastructure complexity requires increasingly narrow specializations
- Competition for talent between sectors (finance, technology, government) raises costs
- Automation (SOAR, AI-driven detection) will help but cannot replace human expertise in incident response and strategic decisions
8. Exploitation of unmanaged and legacy systems
This threat is particularly relevant for OT environments, where PLC controllers, SCADA systems, and RTUs operate for 15-25 years. ENISA notes that:
- End-of-life systems (without vendor support) represent a growing share of critical infrastructure
- IT/OT convergence exposes legacy systems to threats they were not designed to withstand
- Lack of visibility in asset inventory means organizations do not know how many legacy systems they have
9. Cyberattacks on physical infrastructure
ENISA predicts a rise in attacks aimed at causing physical consequences:
- ICS malware capable of manipulating industrial processes
- Attacks on building management systems (BMS, HVAC) in critical facilities
- Leveraging industrial IoT as an attack vector against physical processes
The year 2022 with Industroyer2 and Pipedream confirmed that tools for attacking physical infrastructure are becoming increasingly available and modular.
10. Abuse of artificial intelligence
ENISA identifies several AI abuse scenarios:
- Phishing generation - LLMs producing phishing messages indistinguishable from human-written ones, in any language, with personalization
- Deepfake in social engineering - audio and video deepfakes used for executive impersonation (CEO fraud)
- Automated reconnaissance - AI accelerating victim network analysis, vulnerability identification, and attack planning
- Evasion - adversarial AI bypassing machine learning-based detection systems
TIP
Defense against AI-enhanced threats does not require building your own AI systems. The key is strengthening fundamentals: phishing-resistant MFA (FIDO2/passkeys), network segmentation, identity verification procedures in financial transactions (e.g., callback procedures for transfers above a certain amount).
What this means for organizations in 2026
The ENISA report is not a list of abstract future threats - most of them are visible today. Organizations can use it as a tool for prioritizing security investments.
Priority checklist based on ENISA Foresight 2030
- Software supply chain security assessment (SBOM, vendor verification)
- End-of-life and legacy system inventory with migration or mitigation plans
- Deploy phishing-resistant MFA (FIDO2) for critical accounts
- Security team competency development plan (training, certifications, retention)
- OT network segmentation isolating legacy systems
- Identity verification procedures in financial processes (defense against deepfakes)
- Regular risk assessment reflecting the evolving threat landscape
- OT and IoT system monitoring for anomalies
Conclusions
The ENISA Foresight 2030 report confirms a trend observed over recent years: the boundary between IT and OT threats is blurring, supply chains are becoming the dominant attack vector, and artificial intelligence is lowering the barrier to entry for attackers. At the same time, the fundamentals of defense remain unchanged - asset inventory, access control, segmentation, monitoring, and a competent team.
Organizations that want to assess their readiness against the threats described in the ENISA report can start by reviewing their current security posture against the NIST Cybersecurity Framework and identifying gaps requiring priority attention.
Sources:
- ENISA, Foresight Cybersecurity Threats for 2030 - Update 2024 - enisa.europa.eu
- ENISA, Threat Landscape 2024 - enisa.europa.eu
- (ISC)2, Cybersecurity Workforce Study 2024 - isc2.org
- CISA, Secure by Design Principles - cisa.gov
Need help in this area?
Our experts will help you assess the risk and plan next steps.