Date: 2023-02-26

In Italy, attention to cybersecurity is growing: in 2023 it is confirmed as the main digital investment priority among companies, both large enterprises and SMEs. As many as 61% of organizations with over 250 employees decided to increase their cybersecurity budget in the last 12 months. Overall, in 2022 the Italian cybersecurity market reached a value of 1.86 billion euros, with an exceptional acceleration of +18% compared to 2021.

The ratio of spending on cybersecurity to GDP in Italy stands at 0.10%, slightly up on the 0.08% of the previous year. However, this is a result that places our country in last place among those of the G7. The ranking is led by the US and the UK, with a ratio of 0.31%. For France and Germany the ratio is 0.19% and 0.18%, respectively.

These are the findings of the research by the Osservatorio Cybersecurity & Data Protection of the School of Management of the Milan Polytechnic, presented this morning at the conference “Cybersecurity: towards a common front”.

The increase in attacks and the strategy to adopt

According to the study, cyber attacks are also on the rise, with 1,141 serious incidents reported by Clusit in the first half of 2022 alone, +8.4% compared to the same period of 2021, and threats increasingly affect critical infrastructures as well. In this context, 67% of enterprises report an increase in attack attempts and 14% have suffered tangible consequences following cyber incidents, such as service disruptions, process delays or reputational damage. More generally, due to the current turbulence, 92% of companies experience impacts, positive or negative, directly attributable to the geopolitical context, ranging from greater interest in security on the part of top management to a need to reorganize cyber risk management activities.

“Faced with a steady increase in attacks, in 2022 many organizations have undertaken, continued or increased investments in security, adopting new technologies or reviewing processes to protect information assets,” explains Gabriele Faggioli, Scientific Director of the Cybersecurity & Data Protection Observatory. “This is also happening thanks to the driving force of the Pnrr and under the guidance of the new National Cybersecurity Agency which today has a fundamental role in guiding a common front for the challenges we are facing. The cybersecurity market is growing significantly and the increase in investments by private and public actors, together with the clear institutional strategy, represent an encouraging sign in view of the coming years”.

Alessandro Piva, Director of the Cybersecurity & Data Protection Observatory, adds: “Today the challenge is to define a structured long-term strategy, to create a common front against threats. For this objective, investments with funds focused on company priorities, specialized figures with IT security skills and structured training plans for all company levels are needed, together with cyber risk management with a mature approach, in an integrated risk management process based on financial quantification metrics that are easily understood by the company board”.

The cybersecurity market in Italy

As anticipated, the cybersecurity market, after 15% growth in 2021, experienced a further boost of 18% in 2022, driven by the recovery of investments by organizations and by a progressive awareness of threats, reaching a value of 1,855 million euros. This growth was largely supported by medium-sized enterprises, which are finally starting to introduce concrete actions in the field of cybersecurity. Dividing the market into its expenditure components, 50% is dedicated to services, up on last year, and the other half to cybersecurity solutions, including Endpoint and Extended Detection and Response, SIEM, Identity & Access Management, Vulnerability Management and Penetration Testing. By type, the largest shares go to traditional security aspects, but the most innovative components see a significant increase. In first place is the category of Network & Wireless Security with 26% of investments, followed by Endpoint Security (23%) and Cloud Security (14%).

The organization of cybersecurity

Cybersecurity governance is being strengthened in Italian organizations. In 53% of companies today there is a formalized Chief Information Security Officer (CISO), who is mainly located within the IT Department (37%). At the same time, initiatives are being launched to raise awareness of the possible cyber impacts of employee activities: 80% of organizations (a growing share) have defined structured training plans, which almost always involve all company players. The effectiveness of training depends on the ability to focus on the direct and concrete impacts experienced by employees in their daily activities.

Cyber risk management

Lastly, Italian companies consider risk management with an increasingly holistic view, to guide investment priorities. In 49% of organizations, cyber risk management takes place in an integrated company risk management process, even if there remains a significant share that treats it as a separate risk or does not even monitor it constantly. Only in 32% of companies are financial risk quantification methodologies applied. This approach, although complex to deal with, allows the importance of cybersecurity to be perceived effectively by top management, highlighting the possible impacts for the business of a potential incident.

