2020 made it painfully clear that Europe’s entire digital infrastructure and economy depend on open and secure access to the internet. The increase in cybersecurity attacks during the COVID-19 pandemic is just the most recent illustration of why the EU and its Member States need a professionalised, agile and well-resourced cybersecurity agency. Luckily, the EU Cybersecurity Act (CSA), which granted ENISA a permanent mandate and more resources and responsibilities, entered into force in June 2019. According to Lepassaar, the CSA made a real qualitative difference for ENISA: ‘It was the right proposal in the right place at the right time. The additional tasks, the permanent mandate and the resources to go with them not only fortified trust in the Agency, but are enabling us to attract additional talent from all over the EU.’