ITALY Trends and Developments Contributed by: Paolo Balboni, Luca Bolognini, Francesco Capparelli and Giulia Finocchiaro, ICT Legal Consulting
Supply chain attacks and third-party risk

Cybercriminals increasingly target ICT vendors, cloud service providers and managed security services to infiltrate large enterprises and government networks:

• NIS2 and DORA mandate third-party risk assessments, requiring businesses to conduct due diligence on ICT suppliers; and
• companies must ensure that contractual agreements with vendors include cybersecurity standards, incident-response obligations and compliance audits.

AI-powered cyberthreats

The adoption of artificial intelligence (AI) and automation in cybersecurity presents both opportunities and risks. While AI enhances threat detection and anomaly identification, cybercriminals are leveraging AI-driven attacks, including deepfake fraud and automated phishing campaigns. With the EU AI Act in development, companies deploying AI-based security tools must comply with transparency, accountability and risk mitigation requirements.

Compliance Challenges and Business Adaptation

Increased regulatory complexity

The overlap of cybersecurity laws (the GDPR, NIS2, DORA and national regulations) creates compliance challenges for businesses, particularly multinational corporations operating in Italy. To navigate regulatory complexities, organisations must:

• adopt integrated cybersecurity frameworks, aligning with EU and national requirements;
• develop multi-jurisdictional incident-response policies, ensuring compliance with sector-specific reporting rules; and
• enhance cross-functional collaboration between legal, IT security and risk management teams to meet evolving obligations.

Operational and financial burden on SMEs

While large corporations can invest in cybersecurity infrastructure and compliance programmes, small and medium-sized enterprises (SMEs) face financial and technical challenges in meeting regulatory standards:

• SMEs must leverage government incentives and public-private cybersecurity partnerships to access affordable security solutions; and
• regulatory bodies are introducing simplified compliance frameworks for SMEs to balance security with operational feasibility.

Future Outlook: Strengthening Cyber-Resilience in Italy

Cybersecurity investment and public-private collaboration

Italy is expanding investment in cybersecurity innovation, fostering collaboration between government agencies, private enterprises and academia to strengthen national cyber defence capabilities:

• the National Cybersecurity Strategy (2022–2026) promotes investments in cybersecurity R&D, skills development and cyber intelligence sharing; and
• public-private partnerships are enhancing real-time threat intelligence exchange, improving national resilience against State-sponsored attacks and cyber espionage.
CHAMBERS.COM