‍

From risk to resilience: How Politecnico di Milano aims to close the cybersecurity gap of Italy through CYCERONE project

Digitalisation, cloud computing, intelligent automation, and artificial intelligence: opportunities and risks are growing in this rapidly evolving ecosystem. In this scenario, cybersecurity can no longer be considered a “nice to have” but a real strategic asset. But what is the degree of maturity of Italian small and medium enterprises' cybersecurity management systems? Unfortunately, the results of the Cyber Index PMI 2024, promoted by Confindustria in collaboration with the National Cybersecurity Agency (ACN), are unsatisfactory.

The average score marked by small and medium-sized enterprises (SMEs) is 52 out of 100, which falls below the passing threshold. Italian SMEs, representing the vital foundation of our economy, are not yet equipped to tackle the increasingly complex digital landscape, where threats are rapidly evolving.

This leads to several consequences, as:

• Rise in cyberattacks: Ransomware and phishing campaigns are becoming more sophisticated, often targeting supply chains. SMEs are often the weak link, thus representing a good access point for attackers
• Regulatory compliance: Adapting to new regulations, such as the NIS2 Directive and GDPR, is essential but challenging.
• Cloud security risks: Misconfigurations and vulnerabilities in cloud services expose SMEs to cyber threats.

Why are SMEs falling behind so significantly?

The most significant factors are:

• Limited resources: Many SMEs struggle with tight budgets, making it difficult to invest in advanced cybersecurity solutions.
• Shortage of skilled professionals: Finding and retaining cybersecurity experts remains a major hurdle.
• Resistance to change: Some businesses hesitate to adopt new technologies, fearing disruptions to established processes.

Can a strategy truly secure the public sector?

As for the public sector, cybersecurity maturity varies significantly across different organisations. The National Cybersecurity Strategy 2022-2026 outlines key measures to strengthen security, but implementation remains uneven. Here are some key insights:

• Central government agencies have made progress, particularly with the National Cybersecurity Agency (ACN) leading efforts to improve resilience.
• Local governments often struggle due to limited resources and expertise, making them more vulnerable to cyber threats.
• Public hospitals and schools face challenges in securing sensitive data, with healthcare institutions being frequent targets of ransomware attacks.
• Compliance with the NIS2 Directive is improving, but many entities still need to enhance their cybersecurity frameworks.

PoliMI’s role in enhancing cybersecurity skills

Politecnico di Milano (PoliMI hereafter), Italy's largest science-technology university, has extensive research and teaching experience on these topics. In addition, it has always been very close to the business world (SMEs and public administration included), with which it collaborates on various fronts (applied research, technology transfer, "custom" training projects).

In particular, regarding cybersecurity, the main research areas concern network security, software security, IoT security, cryptography, cybersecurity governance and regulatory impacts.

PoliMI's commitment to teaching is also noteworthy, as proven by several courses in the M.Sc. in Computer Science and Engineering. In addition, the joint Degree with Bocconi University in Cyber Risk Strategy and Governance, the Master in Cybersecurity offered in partnership with Cefriel (a Research, Innovation, and Training Centre controlled by PoliMI) and Deloitte, as well as the International Master in Cybersecurity Management delivered by the PoliMI Graduate School of Management.

Still on corporate training (with a particular focus on SMEs), it is worth mentioning the participation in EU-funded projects, aimed at developing the training offer on cybersecurity topics, such as (for example) the project "DIGITAL4Security - European Masters Programme in Cybersecurity Management & Data Sovereignty", within the EU Digital Europe Programme, whose aim is to create an innovative and market-led European Masters Programme in Cybersecurity Management & Data Sovereignty (DIGITAL4Security) that will equip European SMEs and Companies across multiple sectors with the cybersecurity management, regulatory and technical skills they need to prevent and respond to existing and emerging cybersecurity threats.

The CYCERONE project also aligns with these objectives: CYCERONE will be a pivotal European platform for cybersecurity education and professional development. Its mission is to offer a unified access point for diverse learners, focusing on SMEs and the public sectors, to enhance their cybersecurity skills. The initiative aims to amplify the reach of higher education institutions and professional training providers in cybersecurity through strategic marketing and dissemination within the Cybersecurity Skills Academy. PoliMI is one of the project's partners, playing a leading role in the activities concerning the design of the academy's structure and its educational programs and formats.

Conclusion

Closing the cybersecurity gap demands a coordinated effort across different players from academia, industry and government. Politecnico di Milano through its research, training and active involvement in various cybersecurity projects such as CYCERONE aims to effectively contribute on this effort. Through enhancing the cybersecurity skills and knowledge of SMEs and the public sector POLIMI is helping Italy to move towards a new, safer digital future. If you’d like to learn more about CYCERONE and its work in strengthening resilience, don’t miss to sign up to our newsletter.

References

Confindustria (in collaboration with Italian National Cybersecurity Agency and Generali), 2024 SME Cyber Index Report, 2024