The role of cybersecurity in digital transformation

According to the Clusit 2020 report, cyber attacks have increased by 7 per cent from January to June 2019.

Cybercrime seems to have adapted well to the change in context brought about by the pandemic, finding fertile ground among all those companies that are experiencing a transition to digitised systems.

Considering the acceleration in the pace of digital transformation, most organisations have adopted cutting-edge ICT technologies, contributing to the growth of a market (that of cyber security) that has seen an 11% increase in 2019, reaching EUR 1.3 billion, according to data from the Information Security & Privacy 2020 Observatory.

However, there remains a need to analyse the relationship between transformation and security, which are often considered as separate activities but are, in reality, two sides of the same coin.

In fact, the year 2020 has been characterised by changes that have influenced everyone’s daily and working life habits, encouraging the use of the Net as the main channel for enabling relationships, training and all forms of agile work. The fact is that these events have also seen cyber attacks increase at the same rate, increasing by 91.2% if the time period between 2014 and 2019 is taken into account, with the Severity Average (an index introduced by Clusit since 2017) at the same time worsening, acting as a multiplier of the damage.

Also from the Clusit 2020 report, the sectors most affected by serious cyber attacks in the first half of 2020 emerge:

  • Multiple targets: These are attacks carried out in parallel by the same criminal organisation against numerous organisations belonging to different categories (these types of attacks are up by 26% compared to 2019)
  • Research/education: +63%
  • Critical infrastructures: +85%
  • Government contractors: +73%

On the other hand, attacks in the ‘healthcare’, ‘banking/finance’ and ‘online services/cloud’ sectors declined.


Types and distribution of victims (1H 2020).

From this initial analysis, it seems clear that as our online presence increases, so do the risks, opening the door to new forms of cybercrime.

What is still lacking is an adequate culture on the part of companies on the subject of security, which must face up to a concept that cannot be trivialised to mere defence against external attacks, but must be understood as an integrated system, equal to contemporary challenges.

According to Renato Russo, Business Developer Professional at Fastweb, in order to try to further develop the culture of security in Italy, three types of intervention should be taken into account, based on a three-dimensional matrix composed of technology, processes and people. Each dimension can only be considered effective if the other two are present at the same time. More specifically:

  • TECHNOLOGIES: a level represented by multi-level security where, also thanks to the implementation of predictive models based on artificial intelligence, it is possible to identify anomalous patterns.
  • PROCESSES: made up of interacting and correlated activities where tests and audits are carried out, identifying the activities that guarantee the greatest security margin and converting them into normative procedures.
  • PEOPLE: consisting of all employees. In fact, they should achieve adequate awareness in order not to fall for phishing attempts, increasing alertness when exposing data in the cloud, implementing company policies. All the necessary initiatives to increase the level of awareness of the actors in the company are indispensable.

A survey by Netwrix identifies 10 priorities for the IT market in Italy, outlining which fields need to be invested in to meet the new business needs. Here is a summary of the survey:

In conclusion, true innovation lies in the ability to cautiously balance actions aimed at digitising processes and others aimed at securing structures and data. Only by finding the right balance between digital transformation and information security will organisations be able to trigger that virtuous mechanism capable of delivering a real and quantifiable benefit.