Table of contents
- The NIS2 Directive: an opportunity for digital resilience
- The strategic role of corporate leadership
- International collaboration and national security
The evolution of digital threats and the increasing complexity of IT systems require a strategic and structured approach to security. The Cyber Security Observatory, presented at the Chamber of Deputies, provides an overview of the preparedness of Italian companies in response to the European NIS2 Directive.
This article explores the regulatory implications, the level of compliance among businesses, gaps in risk management, and the opportunities provided by a resilient approach to cyber security.
The NIS2 Directive: an opportunity for digital resilience
The NIS2 Directive, implemented in Italy through Legislative Decree 138/2024, represents a milestone in building a secure European system. The regulation requires companies in critical sectors to adopt adequate security measures to protect their assets and ensure operational continuity.
However, it is not just about complying with bureaucratic regulations—the goal is to promote true digital resilience, which includes the ability to react and adapt to new threats.
According to an analysis by Tinexta Cyber, 61% of Italian companies have embarked on a structured path toward NIS2 compliance. However, areas such as personnel training and risk management remain lacking, highlighting the urgency of a shift in approach.
The preparedness of Italian companies
The readiness of Italian companies to respond to the challenges posed by the NIS2 Directive is crucial for protecting the national system and ensuring business competitiveness.
However, data from the Cyber Security Observatory indicate that many companies are still in the early stages of compliance. This highlights the gap between corporate awareness of the growing importance of cyber security and the actual implementation of effective strategies to address cyber risks.
Fragmentation in security approaches
One of the main challenges identified is the lack of an integrated strategic vision. Many companies rely on isolated, often reactive solutions to manage cyber risks.
Example: Traditional perimeter protection systems and antivirus software are still widely used, but they are no longer sufficient against increasingly sophisticated and rapidly evolving threats.
Moreover, there is poor integration between different corporate departments when addressing cyber security issues. This fragmented approach not only exposes companies to potential vulnerabilities but also hinders the development of strong digital resilience, which is a key requirement of NIS2.
Specific gaps in strategic sectors
Certain sectors, deemed particularly critical due to their strategic importance and role in ensuring national operational continuity, exhibit significant shortcomings. These include:
- Energy
  The interconnection of networks increases the risk of attacks that could compromise the entire system.
- Healthcare
  The protection of sensitive patient data is a major concern, often managed through outdated infrastructure.
- Transport
  Automation and digitalization are expanding the attack surface.
These vulnerabilities are particularly concerning as they undermine the country’s ability to respond to crises, such as large-scale cyberattacks or incidents affecting critical infrastructure.
Training and security culture
Another critical issue is the lack of a widespread corporate culture around cyber security. The Cyber Security Observatory found that employee training, which is essential to reducing human error, is often neglected or limited to a few key individuals.
Only about 30% of Italian companies have implemented regular training programs for all employees, while the rest provide only occasional training, often in response to specific emergencies.
This is particularly problematic given that human error is one of the primary attack vectors exploited by cybercriminals.
Delays in risk management and supply chain security
Risk management and supply chain protection are additional areas of concern. Italian companies struggle to implement comprehensive frameworks for identifying, assessing, and mitigating risks across their entire supply chain.
Many suppliers, especially small and medium-sized enterprises (SMEs), lack the necessary resources to meet NIS2 requirements, increasing risks for the businesses that rely on them.
Moreover, global supply chains amplify vulnerabilities, as a single weak point can have systemic consequences. However, only a minority of companies take effective measures to assess and verify the security of their suppliers.
Progress and prospects
Despite these challenges, there are encouraging signs. Sectors such as banking and insurance are leading the adoption of advanced cyber security practices, partly due to stringent financial regulations.
Additionally, the rise in global cyberattacks is prompting more companies to consider cyber security a strategic priority rather than just a cost.
An evolving landscape
Achieving compliance with NIS2 is a demanding process, but it presents an opportunity for Italian companies to rethink their operational models, improve risk management, and build digital resilience that enhances their competitiveness both nationally and internationally.
To accelerate this process, companies must:
- Invest in advanced threat detection and incident response technologies;
- Collaborate with industry leaders to implement tailored solutions;
- Adopt a holistic security approach that involves all organizational levels, from employees to top management.

The strategic role of corporate leadership
The effectiveness of NIS2 compliance largely depends on the active involvement of top management. Boards of directors must take a leading role in defining security strategies.
Cyber security can no longer be considered merely an IT task—it must become a strategic priority that influences all business decisions.
Investing in cyber security is not just about protecting against cyber threats; it is also a statement of reliability and competitiveness that increases customer and partner trust. A holistic approach to risk management enables companies to navigate complex scenarios with greater flexibility.
International collaboration and national security
Cyber threat protection is not confined to national borders. As emphasized during the presentation of the Observatory, Italy must collaborate with other Western nations, including the United States, the United Kingdom, and Japan, to build a common defense against increasingly sophisticated attacks.
Building a shared ecosystem based on best practices and advanced technologies is essential to strengthening the country’s digital sovereignty. In this context, ANGI (National Association of Young Innovators) acts as a bridge between institutions, businesses, and public administration to promote secure and resilient innovation.
Conclusions
Cyber security is not just a technical or regulatory issue but a driver of growth and innovation. The strategic measures required by NIS2 can become a competitive advantage, improving operational efficiency and creating development opportunities.
In an increasingly complex digital landscape, compliance is not a final destination but an ongoing journey toward security that protects the present and prepares for the future.
Questions and answers
- What does the NIS2 Directive require?
  NIS2 mandates that companies in critical sectors adopt advanced security measures to ensure digital resilience.
- Which sectors are covered by NIS2?
  Energy, transportation, healthcare, finance, and other strategic industries are included in the regulation.
- Why is digital resilience important?
  Digital resilience enables companies to quickly respond and adapt to cyber threats and attacks.
- How prepared are Italian companies?
  Only 61% of businesses have initiated a structured compliance process with NIS2.
- What are the main cyber security gaps?
  Insufficient training, poor risk management, and limited investments are major concerns.
- How can companies improve their security?
  By adopting best practices, making strategic investments, and collaborating with industry experts.
- What is the role of top management in NIS2?
  Corporate leadership must drive security strategies and foster a cyber security culture.
- Why is international collaboration important?
  Cooperation with other countries strengthens defenses against global cyber threats.
- What role does employee training play?
  Training is crucial for building an aware and prepared corporate culture.
- What are the benefits of NIS2 compliance?
  Beyond protection, compliance enhances customer trust and business competitiveness.