The second SME Cyber Index Reportthe index measuring the state of cyber risk management awareness of small and medium-sized Italian companies. Cyber Index PMI, realised by Generali and Confindustriawith the scientific support of theCybersecurity & Data Protection Observatory of the School of Management of the Politecnico di Milano and with the participation of theNational Cybersecurity AgencyIt highlights and monitors over time the level of awareness of cyber risks within corporate organisations and the approaches taken by them to manage these risks.

 The four maturity levels for Italian SMEs in the second Cyber Index SME Report

The main finding of the Report is the need for a greater dissemination and promotion of cyber risk culture among small and medium-sized business organisations. The 1,005 SMEs involved in the Report achieve an average Cyber Index value of 52 out of 100 (the sufficiency level is 60 out of 100), up 1 percentage point from 2023. The SME Cyber Index is drawn up on the basis of three different dimensions: the strategic approach, the ability to understand the phenomenon and threats (identification), and the introduction of levers to mitigate the risk (implementation). The Report highlights how, although there is growing attention on the subject, there is a lack of real strategic approach involving the definition of investments and formalisation of responsibilities by the Italian corporate population, with an average score of 54 out of 100 (+ 2% vs. 2023). Although the levers of implementation are more developed, with a value of 57 out of 100 (+1% vs. 2023) SMEs find it difficult to prioritise, because they lack the right identification actions to approach the topic in a more judicious and conscious manner, with an average score of identification 45 out of 100 (+ 2% vs. 2023).

The respondents, representative of the entire population of Italian SMEs, can be grouped into 4 maturity levels:

• the 15% is considered ripehas a strategic approach to the subject, is fully aware of the risks and is able to deploy the correct implementation levers with initiatives involving people, processes and technologies
• the 29% can be defined aware: able to understand the implications of cyber risks but with often reduced operational capacity to act properly
• the 38% è informednot fully aware of cyber risks and the tools to be put in place, has a 'craftsman' approach
• the 18% can be defined beginner: with little awareness of cyber risks and almost no implementation of protective measures

Against the backdrop of a cybersecurity landscape that is experiencing a delicate moment, from 2018 to 2023 an increase of 79% of serious domain attacks public worldwide, the evolution of artificial intelligence techniques and theadvent of GenAI are a key factor in the cybersecurity of organisations: they will improve the ability to protect IT and information assets and help to further escalate the threat. Furthermore, NIS2 - the European directive that aims to establish a common cybersecurity strategy for all member states, raising the security levels of digital services on a European scale - is a new tool to raise awareness of the issue among small and medium-sized enterprises, helping to improve their security posture.

Angelo Camilli, Vice President for Credit, Finance and Taxation of Confindustria stated: "Cybersecurity is a fundamental pillar for the resilience and growth of our economic system. Strengthening digital security means protecting the future of our companies and the entire production system, creating a safer and more competitive ecosystem. Confindustria is working to support this process, through initiatives such as the SME Cyber Index and constant dialogue with institutions'.

For Pietro Labriola, Confindustria President's Delegate for Digital Transition: "Cybersecurity is a challenge that concerns businesses, institutions and citizens. In a context of increasingly sophisticated threats, it is essential that the country adopts a strategic approach that fosters a culture of cybersecurity. Confindustria has always been committed to working alongside companies, facilitating access to resources and skills and promoting the changes needed to make our country grow. We must therefore invest in secure technologies, increase skills, and build a system of public-private collaboration that enables our companies, especially SMEs, to protect themselves effectively'.

Attached is the SME Cyber Index Report