This report looks in depth at several key topics and trends relevant to cyber security professionals in Italy (and beyond) in the run-up to ItaliaSec 2025, including exclusive interviews with some of the country’s leading CISOs.
Italian Cyber Security Threat Landscape
As part of the ItaliaSec Annual Report, we look at the evolution of the cyber threat landscape, including notable changes such as:
In the first 6 months of 2024, cyber attacks increased by 23% compared to the previous semester.
In Italy, attacks on healthcare have increased by 83% compared to the first half of 2023.
About 35% of SMEs around the globe believe their cyber security resilience is inadequate.
The public sector is more affected, with 38% reporting insufficient resilience, compared to 10% of medium and large private organisations.
Contributors of the Report
Stefano Scaramuzzino
Cyber Security Lead
ASL Roma 1
“The adoption of predictive models based on machine learning has enabled threats to be anticipated rather than reacted to, optimising the use of both human and financial resources.”
Mario Trinchera
CISO & CERTFin Technical Coordinator
ABI Lab
“Balancing the need for protection with the limited availability of resources requires a practical approach that leverages not only emerging technologies but also cross-sector collaboration.”
Alessandro Bulgarelli
CISO
Banca BPER
“It is well known that representing the ROI in security is an extremely complex issue to manage. I do not believe there are any metrics that are sufficiently explanatory to provide full accountability on these aspects.”
Mario Mangano
Head of ICT Security
Aeroporti di Roma
“The evolving global threat landscape and the growing risks facing businesses (e.g., environmental, geopolitical, pandemic-related, supply chain shortages, etc.) have made management increasingly sensitive to the need for business protection.”
Pierpaolo Romano
CISO
Italo
“One of the challenges we are addressing is preparing for compliance with incident notification obligations. To be structured and prepared, it’s essential to have a clear understanding of your digital perimeter and, above all, to assess different areas based on their level of risk.”
Giampaolo Tacchini
CISO
Edison
“Among the challenges posed by the NIS 2 Directive for large organisations operating across multiple sectors and sub-sectors affected by the forthcoming obligations is the need to harmonise risk management models and frameworks.”
Valerio Visconti
CISO
Autostrade per l’Italia
“We have adopted a structured approach that includes the creation of a cross-functional team dedicated to managing NIS2 compliance, allowing us to effectively integrate the new regulation with our existing security frameworks, such as ISO 27001.”
Simonetta Sabatino
Head of Cyber Security
Saras
“Adapting to the NIS2 Directive is presenting several challenges, including the expansion of its scope to cover even smaller companies within corporate groups. Defining and formally documenting the level of residual risk for each entity is essential.”
Pasquale De Rinaldis
Head of Information Security
Iccrea Banca
“Corporate security is not solely about safeguarding technical infrastructures and networks, but more broadly about protecting information — the most valuable yet vulnerable asset for any organisation.”
Silvio Siano
CISO
ANM – Azienda Napoletana Mobilità
“Transforming employees from the ‘weak link in the chain’ to strong defenders against cyber threats requires targeted actions to raise awareness of cyber risks.”
Alessandro Oteri
CISO & Founder
PensieroSicuro
“It’s not about transforming employees, but making them understand that they are already cybersecurity superheroes, and that protecting data and information is not just an obligation, but a valuable skill.”
