Fabrizio Saviano : 1 November 2025 09:29
In recent years, cybersecurity has risen to the top of the agendas of businesses, institutions, and public administration. But if we look at the numbers, Italy still seems to be running on empty: it invests approximately 0.12% of GDP in digital security, less than half that of France and Germany and barely a third of the United Kingdom and the United States (sources: Clusit Report 2025, DeepStrike Cybersecurity Spend Report 2025).
This limited budget translates into an often outdated and dusty toolkit, unable to keep pace with the scale and complexity of attacks. The Clusit 2025 Report paints a picture of a reality that leaves little room for hope: serious attacks in our country have increased by 15.2% in the last year, and almost every day someone suffers significant damage, as demonstrated by the 357 serious incidents recorded in 2024.
Add to the picture a significant digital divide: only 45% of Italians have basic digital skills, and many companies struggle to find specialized professionals to defend themselves (source: DESI Digital Skills Report 2025). In practice, this shortage creates a safety net of holes rather than protection.
Nothing new for the attackers, who attack us with automatic mechanisms that in Italian public and private sectors— where even purchasing technology, a training course, or a consulting service is an obstacle course —are pure fantasy: it’s the new reality, not an exception to be plugged.
And here comes the CISO , the head of digital security, a figure who can no longer be just a brilliant technician or a pedantic jurist: a blend of law, technology, management, and communication is required. Those in this role must be able to transform complex technical language into convincing arguments for the organization’s top management, who are often reluctant to understand that security is not technology, but strategy.
The asymmetry between defenders and attackers is almost a joke: the bad guys often have more budget, fewer rules, and more freedom of action. A change of pace is urgently needed, involving coordinated investments, the development of broad skills, and a profound cultural shift.
With each passing day without a decisive change, the risk to the country’s economic system grows until the next report. Cybersecurity is no longer an option, but a fundamental asset for survival in a hyperconnected world.
For more information on how to prepare professionals capable of making this leap, I recommend the “CISO Security Manager Manual,” which offers a concrete, multidisciplinary training program.
Fabrizio Saviano