In Italy, over 3,000 people lose their lives on the roads every year, despite everyone knowing basic safety rules. In cybercrime, the scenario isn’t all that different: millions of victims every year, even though it’s now well known that suspicious links are traps to be avoided. And if phishing continues to exist in all its forms, that means someone is still falling for it. So, how can we explain this contradiction? Cognitive biases come into play, mental shortcuts that make us think “A LOT”: “I have nothing to steal,” or “it will never happen to me,” or “I’m always careful,” and so

In recent years, cybersecurity has risen to the top of the agendas of businesses, institutions, and public administration. But if we look at the numbers, Italy still seems to be running on empty: it invests approximately 0.12% of GDP in digital security, less than half that of France and Germany and barely a third of the United Kingdom and the United States (sources: Clusit Report 2025, DeepStrike Cybersecurity Spend Report 2025). This limited budget translates into an often outdated and dusty toolkit, unable to keep pace with the scale and complexity of attacks. The Clusit 2025 Report paints a picture of a