Goglio S.p.A. chooses Cyber Guru’s digital fitness program for its security
To strengthen reflexes against cyber threats
With a history of over 175 years, Goglio S.p.A. is one of the world’s leading players in flexible packaging. Founded in 1850, the Group designs, develops, and manufactures complete packaging systems, providing packaging lines, high-barrier flexible laminates, plastic accessories (valves and nozzles), and advanced services for every packaging need.
Goglio’s solutions are applied in multiple industrial sectors: coffee, food, chemicals, cosmetics, detergents, liquids, beverages, and pet food. With a global reach, Goglio has production plants in Italy, the Netherlands, the United States, China, and Brazil, and sales offices located in various European countries and Southeast Asia.
In such a context, accompanied by the increasing digitalization of production and logistics processes, the protection of technological know-how and operational continuity has become a priority for the Group.
Speaking to us is Paolo Carabelli, ICT Infrastructure & Digital Transformation Manager, after the company decided in May 2025 to undertake the corporate training path with Cyber Guru, involving 410 employees in Italy and Europe.
“The main challenge,” says Carabelli, “was to move beyond the view of cyber security as a purely technical issue, addressing instead the human factor variable through a path that was not perceived as monitoring, but as a growth of risk culture.”
Cyber security is not a product, but a process; this is the guiding principle adopted by Goglio, in line with the vision that Cyber Guru has always embraced.
“A principle that translates into the fact,” says Carabelli, “that people (the so-called human factor), often referred to as the weakest link in the chain, must instead be considered the strong and essential link in the cyber security management process. The strategic goal is to transform every employee from a potential target into an active sentinel, equipped with the knowledge and tools to neutralize risks at their source.”
Cyber Guru as a strategic partner
“Initially, cyber security training was organized through awareness webinars,” the manager explains. An approach that, while valid, was time-consuming as it fell outside the company’s core business. After having the opportunity to get to know Cyber Guru on various occasions and evaluating its features and potential, the choice was clear: an easy-to-adopt tool, implemented autonomously in a few hours, without any particular technical difficulties.
“I wouldn’t call it a computer course, but a digital fitness program that serves to strengthen ‘muscles’ and enhance reflexes against the threats that each of us may encounter every day, both in professional and private life.”
The Group has implemented a participatory security framework based on two fundamental pillars:
- Recursive and dynamic training: a constant update program on the evolution of cybercrime, aimed at generating widespread responsibility among all employees with the goal of maintaining high attention through continuous training – if training is delivered only once a year, it is not effective.
- Adaptive phishing simulations: the use of periodic practical tests to train staff reactivity. The chosen approach is experiential: the mistake made during the test becomes an immediate learning moment, increasing the ability to discern in daily activities.
Carabelli lists the advantages of the Cyber Guru training platform, summarizing them in 4 main points:
- Lightweight and non-invasive format: the training pills require on average only 15-20 minutes per month, with a relatively limited impact on daily work activities. Each employee can organize themselves independently, without being blocked for hours.
- Innovative and engaging approach: the modules are professionally made but light enough to be engaging and appreciated, avoiding the ‘boredom’ effect.
- Automation of phishing simulations: previously, simulations were created manually, requiring the heterogeneous sending of emails to different recipients. With Cyber Guru, ready-to-activate campaigns are available with detailed reports. The impact on IT is minimal: about 10 minutes per month to schedule the campaigns.
- Immediate and personalized feedback: when an employee falls for a phishing email, the system automatically starts a training pill that explains the error and indicates where they should have paid attention.
“The result is a solution that is lean to implement, easy to manage, and constantly updated, suited to corporate needs, allowing us to delegate to qualified professionals in the sector an area for which the company does not have the necessary skills for internal development.
Furthermore, we are talking about measurable benefits:
- a drastic decrease in interaction rates with suspicious emails during simulations;
- a significant increase in employee proactivity in reporting anomalies to the IT department, transforming every collaborator into an active sensor of the corporate network;
- the spread of a security culture even outside the workplace, protecting their private digital lives and those of their families.
The platform, in fact, offers training content not only on classic standard topics but also on innovative and current subjects, such as artificial intelligence, fake sites, and new social engineering techniques. In short, a multiplier effect that goes beyond company boundaries and grows the culture of security.”
“Given the positive results obtained in Italy and Europe, Goglio also tested the platform for its Chinese branch,” says Carabelli. “Colleagues in China confirmed that the language and examples are understandable and suitable even for the local context, paving the way for an international expansion of the training program.”
NIS2 training for management
Cyber Guru was the first product to offer targeted training on the NIS2 regulation. Goglio chose to implement the NIS2 training program for its management, also integrating phishing simulations.
Conclusions
One thing is certain: Goglio confirms its nature as a strongly innovation-oriented company. The choice of an advanced digital product for an area that is not core business (cyber security) demonstrates a commitment to culture, technological innovation, and the growth of people.
“The goal,” says Carabelli, “is to limit and reduce attacks as much as possible through continuous training and a culture of security. Digital security thus becomes a guarantee of reliability towards employees, customers, and suppliers.”
By consolidating the integrity of industrial processes and making people the first line of defense, Goglio demonstrates that innovation in the manufacturing sector also involves digital protection and the enhancement of human capital.
