KIBER SECURITY BRIDGE · EUROSTAT 2019-2024

Cybersecurity maturity: Latvia vs EU

First, the overall European picture: incidents actually reported in the EU (ENISA CIRAS). Thereafter, the maturity of Latvian companies against the EU average by dimension.

Overall European Review: Cybersecurity Incidents (ENISA CIRAS, NIS2)

Major incidents reported by EU national authorities within ENISA NIS2 (energy, health, digital infrastructure, etc.). Data are EU-wide and anonymised. Figures from individual countries (including Latvia) are not published. Covers 2012-2026. The current year is partial.

10024total incidents 2012-2026
1954last complete year (2025)
20232026 (partial year)

Annually reported incidents (2012-2026)

ENISA CIRAS ziņotie kiberdrošības incidenti ES pa gadiem 2012 77 2013 95 2014 146 2015 138 2016 159 2017 183 2018 175 2019 185 2020 489 2021 554 2022 1070 2023 1268 2024 1508 2025 1954 2026 2023 (daļējs)

The increase over the years largely reflects a wider reporting coverage (NIS2 covers more sectors) and lower thresholds, not least more incidents. Comparable over years with caution.

Causes of incidents (2012-2026, % · number)

ENISA CIRAS incidentu cēloņu sadalījums ES Sistēmu kļūmes 34.6% · 4055 Ļaunprātīgas darbības 29.3% · 3436 Cilvēku kļūdas 12.0% · 1410 Trešo pušu kļūmes 10.2% · 1200 Nezināms 5.6% · 657 Citi 5.1% · 595 Ārēji notikumi 3.1% · 362

The main cause - "System failure" (34.6% of incidents). Abuse is the second largest and growing.

Source: ENISA CIRAS - NIS2 CIRAS (live data, reporting of NIS2 sectoral incidents, occurring quarterly). Check: raw data (JSON).

Latvia against the EU average: cyber security maturity

A judgement is not one figure - it is manifested in several dimensions, so indicators are grouped. Interest = share of enterprises. Each indicator shows the latest available year (data for 2019-2024).

Source: Eurostat - ICT security in enterprises (isoc_cisce_ra, isoc_cisce_ic; size_emp=GE10, unit=PC_ENT, geo=LV / EU27_2020). ec.europa.eu/eurostat. Dimensions breakdown - cyb3r.help interpretation according to ISO/IEC 27001 and NIST CSF 2.0. The figures are constant.

Management

Safety-led deliberately: documented policies and regular risk assessment. Grounds for judgment.

Latvia vs EU average · Share of enterprises (%)

In brackets next to the indicator, the latest available year of Eurostat. Grey band = 100% scale.

Pārvaldība Dokumentēta ICT drošības politika (2024) 49.4% 35.5% ICT risku novērtēšana (2024) 24.8% 34.1%
Check in source - each indicator in the Eurostat table with LV and EU value
  • Documented ICT Security Policy (E_SECPOL2, 2024): Latvia 49.4% · EU 35.5% - open to Eurostat
  • Assessment of ICT risks (E_SECMRASS, 2024): Latvia 24.8% · EU 34.1% - open to Eurostat

Protection

Basic technical measures: authentication, backup and encryption. They directly reduce the success of the attack.

Latvia vs EU average · Share of enterprises (%)

In brackets next to the indicator, the latest available year of Eurostat. Grey band = 100% scale.

Aizsardzība Stipra paroļu autentifikācija (2024) 86.4% 83.7% Vismaz divfaktoru autentifikācija (2024) 29.3% 39.8% Datu dublēšana atsevišķā vietā (2024) 60.5% 79.2% Datu šifrēšana (2024) 26.7% 39.7%
Check in source - each indicator in the Eurostat table with LV and EU value
  • Strong authentication of passwords (E_SECMSPSW, 2024): Latvia 86.4% · EU 83.7% - open to Eurostat
  • At least two factors (E_SECMDUO, 2024): Latvia 29.3% · EU 39.8% - open to Eurostat
  • Data backup in a separate location (E_SECMOSBU, 2024): Latvia 60.5% · EU 79.2% - open to Eurostat
  • Data encryption (E_SECMDENC, 2024): Latvia 26.7% · EU 39.7% open to Eurostat

People's awareness

Information and training for workers. Man is the most common starting point of attack (picking, social engineering).

Latvia vs EU average · Share of enterprises (%)

In brackets next to the indicator, the latest available year of Eurostat. Grey band = 100% scale.

Cilvēku apzināšanās Darbinieku informēšana par pienākumiem (2024) 47.5% 60.0% Obligātas drošības apmācības (2024) 15.7% 24.5%
Check in source - each indicator in the Eurostat table with LV and EU value
  • Responsibilities information for workers (E_SECAWANY, 2024): Latvia 47.5% · EU 60.0% - open to Eurostat
  • Compulsory security training (E_SECAWCTP, 2024): Latvia 15.7% · EU 24.5% - open to Eurostat

Verification and durability

Whether protection is verified and whether there is financial resilience (insurance) to the consequences of the incident.

Latvia vs EU average · Share of enterprises (%)

In brackets next to the indicator, the latest available year of Eurostat. Grey band = 100% scale.

Pārbaude un noturība ICT drošības testi (2024) 22.3% 34.6% Apdrošināšana pret ICT incidentiem (2022) 9.1% 25.0%
Check in source - each indicator in the Eurostat table with LV and EU value
  • ICT security tests (E_SECMTST, 2024): Latvia 22.3% · EU 34.6% - open to Eurostat
  • Insurance against ICT incidents (E_SECINS, 2022): Latvia 9.1% · EU 25.0% - open to Eurostat

Experienced incidents (companies)

How many companies actually experienced an ICT security incident. A smaller score is better.

Latvia vs EU average · Share of enterprises (%)

In brackets next to the indicator, the latest available year of Eurostat. Grey band = 100% scale.

Piedzīvotie incidenti (uzņēmumi) Piedzīvojuši ICT drošības incidentu (2024) 15.0% 21.5% Nepieejamība ārēja uzbrukuma dēļ (2024) 8.0% 3.4%

Less value = better. Fewer businesses experienced incidents.

Check in source - each indicator in the Eurostat table with LV and EU value
  • An ICT security incident (E_SEC2IANY, 2024): Latvia 15.0% · EU 21.5% - open to Eurostat
  • Non-availability due to an external attack (E_SEC2IUSVA, 2024): Latvia 8.0% · EU 3.4% - open to Eurostat