Outages that resulted from third-party failures affected the largest number of users, 2.8 million and lasted for 13 hours, while those caused by system failures lasted nine hours and affected 2.3 million users, on average.
Outages resulting from malicious actions, including physical attacks against network equipment, cyberattacks and cable theft, affected 1.5 million users on average and lasted for 4 hours.
When looking at more detailed causes, hardware failure was the most common and accounted for 38 percent of incidents that resulted in service outages. It was followed by software bugs with 24 percent, system overloads with 13 percent and power cuts with 11 percent.
By number of affected users, incidents caused by overloads had the biggest impact, affecting 9.4 million users on average. These were followed by incidents caused by software bugs with almost 4.3 million users affected, power cuts with 3.1 million users affected and cyberattacks with 1.8 million.
ENISA's report does not include details about specific incidents and does not reveal the names of the affected service providers. However it does provide some examples of incidents it received over the past two years.
One incident caused by a cyberattack was described like this: "A series of Distributed Denial of Service attacks targeted a provider's domain name service. Up to 2.5 million mobile Internet users were affected during 1-2 hours. The attacking IP-addresses were tracked and blocked, the load balancing units were restarted and the traffic could be recovered. As post-incident actions additional DNS servers were installed, configuration changes were made on firewalls and hardware was expanded to withstand similar attacks."
The statistics in the report suggests that the percentage of incidents caused by cyberattacks increased in 2012 compared to 2011. However, ENISA warned that data from only two years of reporting is not enough to draw conclusions about any trends.
Overall, mobile networks were most affected by outages with 50 percent of all reported incidents affecting mobile telephony or mobile Internet services.
"In 37 percent of the incidents there was impact on emergency calls using the emergency number 112," ENISA said.