ROME (ITALPRESS) – The second Cyber Index PMI Report, the index that measures the state of cyber risk management awareness of small and medium-sized Italian companies, was presented at Confindustria headquarters. Cyber Index PMI, produced by Generali and Confindustria, with the scientific support of the Cybersecurity & Data Protection Observatory of the School of Management of the Politecnico di Milano and with the participation of the National Cybersecurity Agency, highlights and monitors over time the level of awareness of cyber risks within business organizations and the approaches taken by them to manage these risks.
“Cybersecurity is a fundamental pillar for the resilience and growth of our economic system. Strengthening digital security means protecting the future of our companies and the entire production system, creating a safer and more competitive ecosystem,” says Angelo Camilli, Vice President for Credit Finance and Taxation of Confindustria. Confindustria is working to support this process, through initiatives such as the SME Cyber Index and constant dialogue with institutions.
“Italian small and medium-sized companies, contribute in a decisive way to the growth, employment and innovation of our country,” emphasizes Massimo Monacelli, General Manager of Generali Italia. “For this reason, I believe that promoting their innovation and fostering their digital transformation is one of the main challenges of this time. As Generali, aware of our social responsibility as the leading insurer in Italy, we want to concretely support the spread of cyber security culture, increasing awareness of vulnerability to cyber risk and emphasizing the importance of adopting adequate protection solutions. Today we have presented the second edition of the Cyber Index SME Report and we provide business organizations with our expertise and experience in identifying cyber risks, as well as innovative insurance tools.”
“Small and medium-sized enterprises play a key role in the growth of our economy but are increasingly the target of cyber attacks. The data presented today by the SME Cyber Index unfortunately still snapshot a situation of low cyber maturity on the part of the sector, and this is something we need to strongly invest in,” explains Bruno Frattasi, director general of the National Cybersecurity Agency. The Agency I head has always been committed, and in different ways, to supporting businesses. For a little over a year now, we have promoted a massive information campaign to raise awareness among SMEs and make them more mature in dealing with the cyber threat. We are well aware, however, that the continuous improvement of SMEs’ cyber resilience capabilities also comes through virtuous public-private collaboration in the adoption of new European regulations such as NIS2 and the Cyber Resilience Act and the continuous strengthening of financial and technological support initiatives that, as ACN, we also put in through European funds. This is the case, for example, with the recent EU Secure project, for which we are coordinators, and which provides 16.5 million euros to finance European SMEs on the path to adherence to the Cyber Resilience Act.”
“Cybersecurity is a challenge that affects businesses, institutions and citizens. In a context of increasingly sophisticated threats, it is essential that the country adopt a strategic approach that fosters a culture of cybersecurity,” stresses Pietro Labriola, Confindustria President’s Delegate for Digital Transition. Confindustria has always been committed to working alongside companies, facilitating access to resources and skills and promoting the changes needed to make our country grow. We must therefore invest in secure technologies, increase skills and build a system of public-private collaboration that allows our companies, especially SMEs, to effectively protect themselves.”
For Remo Marini, Group Chief Security Officer at Assicurazioni Generali, “The Cyber Index PMI 2024 Report clearly shows how many Italian Small and Medium Enterprises still need to take significant steps in cybersecurity. The growing number of cyber incidents globally and domestically on the other hand constantly underscores the importance of equipping themselves with increasingly robust security safeguards and controls. Italian organizations need to strengthen their digital defenses, especially in a context of continued technological growth and stringent regulatory requirements, as well as increasing interconnectedness between cyber threats and geopolitical and social dynamics. It is critical that companies are aware of their critical assets and the risks they face, and in light of this prioritize interventions and act quickly to strengthen their protection mechanisms. Only through continuous and strategic efforts will it be possible to protect their information assets and ensure greater operational resilience.”
“The second SME Cyber Index report confirms the persistent delay in the maturity of small and medium-sized enterprises in the cybersecurity field, although it shows a slight growth in the index compared to 2023,” pointed out Alessandro Piva, Director of the Cybersecurity & Data Protection Observatory of the Politecnico di Milano. “Although awareness about risks is growing, SMEs continue to show little understanding of the business domain and their supply chain. The human factor remains the main vulnerability, but in the near future, technological developments, particularly Artificial Intelligence and Generative AI, will contribute to increased uncertainty about cyber risks, making it essential to take immediate preventive measures. Otherwise, the gap between defensive and offensive capabilities is likely to widen as cyber threats worsen. New regulations, particularly NIS2, will foster a systemic maturation process, identifying new areas as critical. However, a change in the cultural approach to cybersecurity is needed, viewing it not just as a regulatory requirement but as a differentiator.”
The main finding from the Report is the need for greater dissemination and promotion of cyber risk culture among small and medium-sized business organizations. Overall, the 1,005 SMEs involved in the Report achieve an average Cyber Index value of 52 out of 100 (the sufficiency level is 60 out of 100), up 1 percentage point from 2023. Cyber Index SMEs is developed based on three different dimensions: strategic approach, ability to understand the phenomenon and threats (identification), and introduction of levers to mitigate the risk (implementation).
The Report shows that although there is growing attention on the subject, there is a lack of a real strategic approach involving the definition of investments and formalization of responsibilities by the Italian corporate population, with an average score of 54 out of 100 (+ 2% vs. 2023). Although implementation levers are more developed, with an average score of 57 out of 100 (+1% vs. 2023) SMEs have difficulty in setting priorities because they lack the right identification actions to approach the issue in a more judicious and conscious way, with an average identification score of 45 out of 100 (+ 2% vs. 2023).
The respondents, representative of the entire population of Italian SMEs, can be grouped into 4 levels of maturity: 15% are considered mature: they have a strategic approach to the subject, are fully aware of the risks and are able to put in place the correct implementation levers with initiatives involving people, processes and technologies:; 29% can be defined as aware: is able to understand the implications of cyber risks but with often little operational capacity to act properly; 38 percent are informed: not fully aware of cyber risks and the tools to be put in place, have a “craft” approach; 18 percent can be defined as novice: little aware of cyber risks and with almost no implementation of protective measures.
In the face of a cybersecurity landscape that is undergoing a delicate moment, from 2018 to 2023 a 79 percent increase in serious attacks in the public domain worldwide has been noted, the evolution of artificial intelligence techniques and the advent of GenAI are a determining factor in the cybersecurity of organizations: they will improve the ability to protect IT and information assets and contribute to further intensifying the threat. In addition, NIS2-the European directive that aims to establish a common cybersecurity strategy for all member states, raising the security levels of digital services on a European scale-represents a new tool to raise awareness of the issue among small and medium-sized enterprises as well, helping to improve their security posture.
While some of Italy’s SMEs have well understood the importance of cybersecurity and are gearing up to deal with a changing scenario, others are complicating the path as a whole.
There is still, in fact, a significant proportion of companies that struggle to manage risk wisely and underestimate its potential impacts. A change of mindset is needed with respect to cyber risk management, which must be interpreted as an enabling factor of digital transformation. In addition, assessing the centrality assumed by the subject in the social and global context in which we live and with the goal of making the country’s economy resilient, there is a need for a systemic approach in which institutions also intervene to define joint investment opportunities and strengthen corporate infrastructure.
With a view to increasing knowledge on issues of cyber risks and cyber attacks for businesses, training meetings and workshops are planned on a territorial basis. Experts from Generali and the agency network will engage Confindustria member companies with their valuable advice to ensure greater awareness of the risks associated with increasing digitalization and to protect businesses from cybercrime. The first stage of this year’s initiative will be April 1 in Rome and will continue over the months involving Genoa and Naples.
– Press office photo Generali Italy –
(ITALPRESS).
