25 October 2023 • 2 minute read
CyberItalia: The regulatory evolution of cybersecurity in Italy, what you need to know
Cybersecurity legislation is broad and complex. In our CyberItalia series we review the regulatory evolution of cybersecurity in Italy.
Cybersecurity, in its most general sense, refers to the activity of analysing and detecting cyberthreats and implementing appropriate preventive and countermeasures to ensure the security of computer systems.
The proliferation of Information and Communication Technologies (ICT), which drive the economic and social development of modern societies, has been accompanied in recent years by systems and infrastructures being exposed to increasingly sophisticated and deadly cyberattacks.
According to the Clusit 2023 report, there was a 60% increase in cyberattacks between 2018 and 2022, not only in terms of number but also in terms of severity, with significant economic impact. Global superpowers remain the main targets of cybercriminals, and Italy is one of the most vulnerable countries to cyberattacks. In 2022 alone, the country was the victim of 7.6% of global cyber-attacks, which, according to an IBM study, cost Italian companies an average of EUR3 million.
The need for coordinated prevention and response to cyberthreats has become a priority on the European legislative agenda. As a result, since 2016, the regulatory framework for cybersecurity has expanded exponentially at both European and national levels.
Two regulations, two directives, a long list of national implementing decrees and a number of legislative proposals under discussion now make up the complex set of rules aimed at regulating the security of computer systems, both horizontally and vertically in specific sectors.
We will provide a timeline of cybersecurity regulatory evolution in the Italian legal system and offer a concise overview of the emerging regulatory framework.
This article on the regulatory evolution of cybersecurity is the first in our CyberItalia series. Every week we’ll explore a hot topic related to cybersecurity regulation in Italy.
