BNL, Safety is learned through play



BNL, Banca Nazionale del Lavoro S.p.A., is an Italian bank based in Rome with over 100 years of history. Since 2006 it has been part of the BNP Paribas Group, a European leader in banking and financial services with a presence in more than 70 countries. Nowadays, it is among the largest Italian banking groups with around 2.5 million private clients.


The challenge

Transforming Cybersecurity Awareness into a pillar of “cyber culture” with a tangible and structured programme. Because defending against cyber threats is not just a matter for a few security specialists, but for all colleagues in the bank, including citizens and clients.


The solution

To protect its employees from cyber threats, BNL identified our platform as the most effective solution, capable of engaging all 13,000 employees in a positive challenge to strengthen their cybersecurity awareness.

Playing is something serious!

Cybersecurity requires special attention to the human factor, which is the weakest link in the security chain, but at the same time can make a difference through knowledge and awareness. “Since 2017,” says Marco Tulliani “we have increased our efforts on the cybersecurity programme based on the NIST Framework, with an important focus on prevention, because in our opinion in this ecosystem it is crucial to be able to define a set of rules and activate prevention steps. We also implemented a series of processes whereby our applications have security by design and we are creating a solid cybersecurity awareness.” IT security is an important element of corporate policies and requires not only a coordinated response between the public and private sectors, but also synergetic action inside and outside the bank. This is necessary to protect the bank and its clients from cyber threats.

How to raise the level of awareness

Physical cybersecurity needs special attention to the human factor, which is the weakest link in the security chain, but at the same time the element that can make the difference, acting on the level of knowledge and awareness. “Also based on the NIST Assessment, we started,” says Picano “with a survey that produced important results and helped us understand where we had to go from here. We then undertook several initiatives, including one on ethical phishing. We realised that we had to do a lot of training”. But in many cases, corporate intranet training is experienced as something to be imposed. This is why we opted for a specific e-learning platform, which allowed us to adopt a more engaging model”.

Group 159
Group 197

A Cyber Guru for security training

After careful selection, BNL chose the Cyber Guru platform as a solution to reinforce the security level. But that’s not all. Using the Cyber Guru solution, BNL mounted a real “cyber security awareness championship”, in which its 13,000 employees divided into 105 teams engaged in a real competition. “The goal is to make the behaviour of all colleagues in the bank safe, compliant and internalised,” says Picano.

How to measure results

“The first indicator for measuring results,” says Picano “is the participation of colleagues in the championship, which was almost total. Another important measurement we have made and will continue to make is the number and quality of responses to our regular ethical phishing campaigns, which allows us to understand how cyber culture is improving. Another relevant aspect is the increase in contacts and tickets to us to report suspicious cases or situations deserving investigation to the incident response team. Lastly, the awareness of top management, who want to be kept fully informed on the progress of the initiative, has also increased considerably.”

To read the full interview prepared by the Data Manager click here.

All Projects

Novomatic Italy

Novomatic Italy

Thanks to the training mode that characterizes Cyber Guru, Novomatic Italy’s CISO group saw the much sought-after and expected results arrive in a short time.

read more
Grimaldi Group

Grimaldi Group

Grimaldi Group, a multinational company based in Naples, is investing in cybersecurity awareness by utilizing the services offered by Cyber Guru.

read more

Want to find out more?

Want to know more?