They will be part of the Interministerial Committee for the Security of the Republic (CISR) also the holders of some government departments: that of Businesses and Made in Italythat ofEnvironment and energy securitythat ofAgriculture, that of Food Sovereignty and Foreststhat of Infrastructure and transport and finally that ofUniversity and research. An executive amendment to the bill provides for this Cybersecuritydeposited in the commissions Constitutional Affairs and Justice in the Chamber.
The amendment affects in particular article 5 of law n.124 of 2007 which reformed the structure and organization of the Italian secret services. The provision in question establishes that the Committee is chaired by the “President of the Council of Ministers” and composed of “the Delegated Authority, where established, the Minister of Foreign Affairs, the Minister of the Interior, the Minister of Defense, the Minister of Justice , by the Minister of Economy and Finance, by the Minister of Economic Development and by the Minister of Ecological Transition”.
The CISR has consultancy, proposal and decision-making functions directions and general purposes of the information policy for security. The Committee develops “the general guidelines and fundamental objectives to be pursued within the framework of the security information policy, decides on the distribution of financial resources between the DIS and the security information services and on the related budgets and final balance sheets”, establishes still the 2007 law.
Only 1% of Italian companies are “mature” on the cyber front
In the meantime Italy, and in particular its productive fabric, is still substantially unprepared for the challenges of cybersecurity. Solo 1% of companies can in fact be considered “mature”that is, capable of effectively dealing with growing cyber threats. 78% of those interviewed declared that they were in the “initial” or “training” phase. This is supported by the Cisco Cybersecurity Readiness Index 2024research conducted on 8000 security managers from 30 countries, including Italy.
To create the report, 5 pillars were taken as measurement criteria, which constitute the main line of defense of a company: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement e AI Fortification. Each of them in turn includes 31 different solutions and capabilities. At the end of the survey, the companies were also classified into four levels of preparation: Beginner, Training, Progressive and Mature.
Companies continue to be targeted with a variety of increasingly effective techniques: phishing, ransomware, malware and social engineering. At the same time, according to the Cisco report, the same companies are experiencing constant difficulty in adequately defending themselves, mainly due to cybersecurity solutions that are too complex to manage.
The problem of the complexity of ecosystems
Hybrid work environments also make it even more difficult to address cybersecurity challenges: Most companies still face the complexity of employees collaborating from anywhere on any device, across different networks and applications. 22% of companies surveyed said their employees log in from at least six different networks in the space of a single week. Despite this, 62% of Italian companies still feel moderately to very confident about their ability to defend themselves from a cyber attack through their IT infrastructure. This discrepancy between confidence and preparedness suggests an alarming fact about companies’ inability to realistically assess the scale of the challenges they face.
The needs and expectations of businesses
The report also highlighted that for 63% of respondents a cybersecurity incident would be able to interrupt their business in the next 12-24 months. 33% of the sample involved declared having suffered a cybersecurity incident in the last 12 months.
On the other hand, the traditional approach provides adopting multiple cybersecurity solutions has not produced effective results. 75% of respondents admitted that having multiple solutions slows down detection, response and recovery times from a cyber incident. 63% said they had implemented ten or more cybersecurity solutions, while 22% said they used 30 or more.
85% of companies reported that their employees access corporate platforms through unmanaged devices, with 39% of these spending a fifth of their time connecting to corporate networks through unmanaged devices.
Then there is the persistent talent gap in IT: Progress is further hindered by a lack of specialized resources, highlighted by 74% of companies as a problem. In fact, 38% of companies declared that they have more than ten roles related to cybersecurity not covered in their organization.
However, IT investments are on the rise: 36% of respondents plan to significantly upgrade their IT infrastructure in the next 12-24 months. Specifically, companies plan to upgrade existing solutions (62%), implement new solutions (64%), and invest in AI-driven technologies (46%). Finally, 94% of companies plan to increase their cybersecurity budget in the next 12 months, with 82% of respondents reporting an increase of 10% or more.
Ransomware: boom in attacks against communications (+177%)
Furthermore, it is an obligatory choice: attack and intrusion initiatives continue to increase, as also highlighted by the analysis of the first quarter of 2024 carried out by Check Point Research: the most affected sector globally was that manufacturing with 29% of ransomware attacks published and nearly double the attacks reported compared to the previous year, followed by healthcare with 11% of attacks (and a 63% increase compared to the previous year) and retail /wholesalers with 8% of attacks.
The communications sector saw the highest year-over-year increase in ransomware attacks (+177%), despite making up only 4% of attacks published in the quarter. The increase in cyberattacks in the communications sector may have been fueled by rapid digital transformation, with the integration of technologies such as 5G and IoT widening vulnerabilities, while its critical role and handling of sensitive data makes it make them a prime target for several threats, including state-sponsored espionage and data theft.
The manufacturing sector has seen the second highest increase in ransomware attacks at 96% year-over-year and is a common primary target due to its heavy reliance on interconnected technology and security capabilities weakened by the use of traditional industrial technologies.