Cybersecurity Training is No Longer Optional
We’re on the podium, and the title we’ve won is certainly not a source of pride.
Our country is in fact in second place in the European Union for the number of ransomware attacks suffered. This is according to the Tim and Cyber Security Foundation report on 2024 and reported by Il Sole 24 Ore Radiocor. In particular, the attacks showing strong growth are ransomware (146 in 2024) and DDoS, which have increased by 36% compared to the previous year.
An even more worrying fact: nearly two-thirds of the SMEs surveyed (64%) have suffered cyber attacks in the last 3 years, with events repeating over time.
There has also been an evolution in execution methods, with multiple attacks simultaneously hitting multiple points of the same organization – sites, networks, devices – rendering many traditional countermeasures inadequate. It is significant to note how these attacks have increasingly affected Public Administration as well, whose exposure has gone from 1% to 42% of the total in just one year, a sign of a change in strategy by malicious actors and an increasingly unstable geopolitical context.
Regarding Italian SMEs in particular, the Cyber Index SME Report, which measures the state of awareness and the ability to manage cyber risks in small and medium-sized Italian companies, presented at the end of March is certainly not reassuring: the 1,000 companies involved reached a Cyber Index of just 52 out of 100 (passing grade is 60), demonstrating serious gaps in cyber risk management.
Why SMEs are in the Crosshairs of Cybercriminals
The “Small Business” Paradox
Small and medium-sized enterprises represent a prime target for several strategic reasons: being small, often family-run, they don’t invest sufficient resources in a serious protection plan and employee training.
The data emerged from a recent survey conducted by Confindustria and Generali with the support of the National Cybersecurity Agency and the Digital Innovation Observatories of the Politecnico di Milano and highlighted a widespread vulnerability affecting about 450,000 companies, or 75% of the over 600,000 active companies in the Lazio region. In Rome and Lazio alone, 90% of SMEs lack adequate protection against cyber risk.
Only one in ten has adopted concrete initiatives to protect themselves, against a still modest national average of 15%.
The result is that, according to the cited survey, 30% of entrepreneurs admit to being aware of the risks but unable to sustain the necessary investments, while 35% try to solve the problem in an “artisanal” way, without professional tools. A further 25% of companies, however, have not adopted any defensive measures.
Very concerning data also because SMEs often serve as a “gateway” to attack larger companies. Today, in fact, work is predominantly done through supply chains, meaning large companies turn to various small suppliers, the SMEs, precisely, a very dense fabric that has always been the basis of the Italian economic system. If a malicious actor finds the “weak link in the chain” in an SME, they can easily access the data of a larger company connected to it.
Defending a small company from cyber attacks therefore means protecting the entire supply chain in which it operates.
Some experts predict that by 2025, 45% of organizations worldwide will suffer attacks on their software supply chain. This figure represents a 300% increase compared to 2021.
In this landscape of alarming data, what emerges is the strong responsibility of the human factor, an element also confirmed by the latest report from Mimecast titled The state of Human Risk 2025. According to the analyses, human errors have surpassed technological gaps and represent the most significant threat to organizations globally.
For all these reasons and also considering how important it is to maintain the dense fabric of Italian SMEs intact, the same National Cybersecurity Agency of our country, in collaboration with the Department for Information and Publishing of the Presidency of the Council of Ministers, has recently launched the campaign “Let’s turn on cybersecurity. Let’s protect our businesses ” with the aim of spreading greater cyber awareness among Italian SMEs and to sensitize them to invest in adequate measures, properly train personnel, and rely on the right professionals.
Cybersecurity as a Competitive Advantage
With three out of four SMEs expecting cyber attacks in 2025, cybersecurity is no longer optional but a fundamental requirement for the survival of SMEs.
Companies that adopt a proactive approach to cybersecurity not only protect themselves from threats but also gain a significant competitive advantage, demonstrating to customers and partners that they are reliable custodians of their data.
The goal is not to achieve absolute security, but to implement sufficient levels of protection to discourage attackers and direct them towards easier targets. In a landscape of constantly evolving threats, preparation and awareness represent the most effective weapons available to Italian SMEs.
Investing in continuous and quality training and building knowledge and a digital posture capable of standing up to even the most astute cybercriminals is the only possibility today to keep companies and their future safe.
