What is ECSM?

European Cyber Security Month (ECSM) is an EU awareness campaign that promotes cyber security among citizens and organizations about the importance of information security and highlighting the simple steps that can be taken to protect their data, whether personal, financial and/or professional. The main goal being to raise awareness, change behaviour and provide resources to all about how to protect themselves online. The European Union Agency for Network and Information Security (ENISA), the European Commission DG CONNECT and Partners are deploying the European Cyber Security Month (ECSM) every October.

The objectives of the European Cyber Security Month:

  • generate general awareness about cyber security, which is one of the priorities identified in the EU Cyber Security Strategy;
  • generate specific awareness on Network and Information Security (NIS), which is addressed in the proposed NIS Directive;
  • promote safer use of the Internet for all users;
  • build a strong track record to raise awareness through the ECSM;
  • involve relevant stakeholders;
  • increase national media interest through the European and global dimension of the project;
  • enhance attention and interest with regard to information security through political and media coordination.


Please watch our animated video that describes in brief what ECSM it is about.


Building together a joint EU awareness campaign on NIS topics!

Preparations for the fifth ECSM started in earnest with collaboration being forged between the Estonian Information Systems Authority and ENISA for this year’s Cyber Security Month kick-off event. Taking place during the Estonian Presidency, the Estonian Ministry of Economic Affairs & Communication will be hosting the kick-off event at their premises in Tallinn on the 29th September 2017.

The agenda for the launch includes opening speeches by dignitaries from both the and European public sector and industry. National co-ordination teams will offer insights into their campaigns and leading IT security experts will debate on the security themes of the month.

We invite you to attend the kick-off launch of this year’s ECSM and we encourage policy makers, industry experts and representatives from competent authorities to come forward as speakers or panelists for either of the four sessions on the weekly themes:

  • Cyber Security in the Workplace
  • Governance, Privacy and Data Protection
  • Cyber Security in the Home
  • Skills in Cyber Security


October Weekly Themes


ECSM runs for the entire month of October, with each week focusing on a different topic. During each week, ENISA and its partners will be publishing reports, organising events and activities centred on each of these themes. Events will focus on training, strategy summits, general presentations to users, online quizzes, etc.

Week 1: Oct. 2-6
Theme: Cyber Security in Workplace
Targeting businesses, the aim of the theme is to raise awareness amongst company employees, IT professionals & senior management about threats such as Ransomware, Phishing, Malware and to provide general cyber “Hygiene” advice.

Week 2: Oct. 9-13
Theme: Governance, Privacy & Data Protection
Countdown to compliance: Ensure you're ready!!! The aim of this theme is to uncover how to prepare your organization for the new EU Directives and Regulations such as the NIS Directive and the GDPR.

Week 3: Oct. 16-20
Theme: Cyber Security in the Home
The aim of the theme is to raise awareness amongst general users of threats from IoT, online fraud / scams and provide guidance on how protect their home network and protect their online privacy.

Week 4: Oct. 23-27
Theme: Skills in Cyber Security
The theme seeks to support the young with gaining Cyber Security skills via training and education so as to grow the next generation of skilled Cyber Security professionals.

General message: Cyber security is a shared responsibility! STOP.THINK.CONNECT

 Alligned with "An Open, Safe and Secure Cyberspace" EU Cyber Security Strategy http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1667 .In coordination with STOP.THINK.CONNECT message originated at NCSM www.staysafeonline.org 




In 2011, ENISA was asked to assess the feasibility and explore various options on how a European Cyber Security Month (ECSM) could become an effective instrument to raising awareness about NIS challenges. The Agency was involved in assessing the establishment and organisation of a ECSM. For the first time, during October 2012, a ECSM took place as a pilot project across Europe. 

In 2012, a European Cyber Security Month took place as a pilot project across Europe. As pilot countries the Czech Republic, Luxembourg, Norway, Portugal, Romania, Slovenia, Spain and the United Kingdom participated in various activities and events throughout October 2012, to raise awareness of cyber security. This project was supported by ENISA and the European Commission.To read the synthesis of the results of the first ECSM, please consult the specific page.

The European Cyber Security Month 2013 took place in October; by consulting this report the reader will be introduced to the context of ECSM deployment, the policy context, the stakeholder model of engagement, the activities that were implemented and the results of the fully fledged EU advocacy campaign on NIS topics. This report presents the model of building together a joint EU advocacy campaign, a campaign on cybersecurity topics of interest for all digital citizens, and at the same time for institutions and Small Medium Enterprises.                            

In 2014 ENISA increased the involvement of the private and public sector in this initiative by working together.

In 2015 a total of 242 activities took place across 32 countries (deployment report).

In 2016 a total of 492 activities took place across 32 countries making ECSM 2016 the most successful campaign to date (deployment report).



This project is in line with the Awareness Raising workstream of the EU-U.S. Working Group on Cyber security and Cyber crime established in the context of the EU-U.S. Summit of 20 November 2010 held in Lisbon.

To read more on the National Cyber Security Awareness Month and the National Cybersecurity Awareness Campaign -Stop.Think. Connect. - organised in the United States and the National Cyber Security Awareness Week organised in Australia, please click on the above links.