Forlì in prima linea nella difesa della Terra dal rischio asteroidi

Innovation

The cybersecurity game comes to a head for companies

Directive imposing measures against cyber attacks in force. Up to 16 thousand companies in the Centre affected. Benigni (Unindustria Lazio): "Helping small and medium sized companies".

11 November 2024

Difesa dagli hacker, dal 16 ottobre è in vigore in Italia la nuova normativa che attua la direttiva europea Nis 2, con una serie di nuovi adempimenti per le imprese

3' min read

For small and medium-sized enterprises in Central Italy (and Lazio in particular), the challenge of cybersecurity is coming to the fore. Since 16 October, the new legislation implementing the European NIS 2 (Network and Information Security) directive has been in force in Italy. Its aim is to improve the preparedness and response of member states to cyber attacks. Perhaps the most important novelty is the extension of new obligations - from risk analysis to incident management and staff training - to a wide range of sectors: not only companies in those defined as 'highly critical' for cyber attacks such as energy, transport, finance, and health, but also other providers of critical services such as digital, postal, and waste management services.

It is estimated that in Italy the regulation will directly affect between 30 thousand and 50 thousand companies, a third of which will be in Central Italy (up to about 16 thousand) and up to 6 thousand companies in Lazio, excluding, however, the entire chain of suppliers, which is difficult to estimate.

The fear is that small companies are frightened by these changes, fearing an increase in costs in an already uncertain economic phase. This is why both business associations and institutions are already taking action. "Perhaps for small companies there may be an immediate increase in costs, but over time the application of the new rules will bring savings,' explains Lorenzo Benigni, vice-president of Unindustria Lazio with responsibility for cybersecurity, and senior vice-president Governmental & institutional relations of the Elt Group (for over 70 years a world leader in electronic defence systems and today a group with a multi-domain approach that also covers cyber space and biodefence, with 320 million in annual turnover and 1,600 employees).

'Even small and medium-sized companies can be victims of hacker attacks,' explains Benigni, 'with very serious consequences. The theft of sensitive data can have a devastating impact, for example in the defence, construction and pharmaceutical sectors. It often happens that a ransom is demanded for stolen data, and if it is not paid, it is made public. Beyond the obvious damage in the case of sensitive data or patents, there is a loss of company reputation that has a direct impact on customer trust and thus on business'.

The application of the directive with its requirements 'shelters', as Benigni explains, even small companies. In some cases, however, these are companies with as few as five employees, with at most one person dealing with IT. That is why it is not surprising that some of them may be frightened by the schedule of new obligations that will actually start in 2025, starting with the registration on the dedicated digital platform.

"We appreciate the signs of reassurance from the institutions, which have shown their willingness to provide the necessary guidance and support to companies," explains the Unindustria Lazio vice-president in charge of cybersecurity. But Unindustria is also ready to play its part. "We are acting as spokesman to ask the institutions for precise and detailed guidelines. We are also working to bring large and small companies together to make it easier for the entire supply chain to comply with the requirements. We are also asking the Lazio Region to consider ways of supporting small and medium-sized enterprises'.

In Lazio, above all, the issue of cybersecurity is very much in the spotlight: 'It is the centre of national government and defence, as well as the headquarters of the major national infrastructure operators. It is undoubtedly an area of interest for potential cyber attacks, but at the same time it is the first region in Italy in terms of the number of companies active in the sector (22% of the national total), including the main national operators in cybersecurity. An advantage that we must exploit'.

Furthermore, Unindustria is continuing to work on stimulating greater awareness among small and medium-sized companies and on developing new skills, given that many companies are having difficulty finding cybersecurity professionals: "We have already done a lot, such as the Vademecum on Cybersecurity for small and medium-sized companies, in collaboration with Cyber 4.0 and Enisa (the European Union's cybersecurity agency, ed.) We will continue to work on specialised training, but cyber defence should become transversal to many degree courses,' concludes the vice-president of Unindustria Lazio in charge of cybersecurity.

Andrea Mariniredattore
Luogo: Roma
Lingue parlate: Inglese, tedesco e spagnolo
Argomenti: Politica, economia nazionale, economia del Lazio, desk quotidiano e online
Scheda autore
Trust project