Eleven European countries suffered major communications outages last year, according to a new report by the European Union's top cybersecurity agency.
The report, released today by the European Network and Information Security Agency (ENISA), said that 11 EU member states reported 51 "severe outages" in their countries' communications networks and services during 2011.
The report said that 60 percent of the incidents affected cellular networks or mobile Internet, with the remainder involving services such as fixed phone and internet, messaging and e-mail.
According to ENISA, the main cause of the outages was hardware or software failure, which accounted for 47 percent of incidents, followed by third-party failure at 33 percent. Natural phenomena and human error each caused 12 percent of the incidents.
Only 6 percent of all reported incidents that led to outages were a result of malicious attacks. The malicious attacks were often low-tech, such as vandalism or cable theft, rather than cybercrime, ENISA said.
The low-tech attacks took an average of 31 hours for recovery -- the report highlights one example of the deliberate setting fire to a fixed-line switching system that left 10,000 subscribers without Web access for 36 hours -- compared to 17 hours for hardware or software failure, or nine hours for third-party failure. Incidents involving natural events, such as floods, storms or snow, lasted 45 hours on average, often as a consequence of disruption to power supply.
The ENISA report covers 29 countries in total -- nine of which reported no significant incidents, with a further nine countries yet to implement the reporting system, but did not name which countries were in each category.
Under EU law, all member states are obliged to report cybersecurity incidents and major outages to ENISA and the European Commission once a year, from this year.
The agency today released the first annual roundup based on the countries' reports, for incidents occurring in 2011. However, not all EU member states have fully implemented the reporting scheme on time, prompting ENISA to suggest the number of incidents is likely to rise.
"Many countries implemented [the reporting scheme] late in 2011. This explains why so many countries (9) indicated they had not received reports about significant incidents. We estimate that the number of incidents that will be reported over this year (2012) will increase by a factor of 10," the report said.
The next report will be issued in spring 2013, reporting on the major outages and incidents of 2012, the cybersecurity agency said.