Italy - Cybersecurity
Overview
In 2018, the Italian cybersecurity market was valued at about $1.3 billion, registering growth of 12 percent over the previous year. According to statistics published in the Italian Information Security Association (CLUSIT) annual report, about 1,552 serious offenses were recorded in 2018, on average 4 per day, an increase of 38 percent compared to 2017. Investments have gone mainly to projects needed to adapt to the General Data Protection Regulation (GDPR) requirements, which contributed to more than half of the growth trend recorded, with 75 percent of the total representing expenditures of large companies.
Large company investments primarily drive the Italian market for cybersecurity as most IT managers are aware of the increasing risk of intrusion into business information systems. Italian firms are also becoming more concerned about internal threats to data confidentiality, integrity, availability and authentication. The financial/banking and utilities sectors are the main end-users of ICT security in Italy, followed by defense, national and local governments, manufacturing, transportation and telecommunications sectors.
More than 50 percent of small- and medium-sized firms continue to be unprepared to face increasing threats. One in five firms does not have a specific investment plan for information security or allocates resources only in case of need. This is reflected in the relatively modest value of the cybersecurity solutions market; nevertheless, sector analysts expect security spending to grow.
Medium-size companies and (to a lesser extent) small companies are increasingly investing in ICT security, often choosing cloud security to take advantage of the most advanced available solutions. Managers of small firms have generally resisted approving ICT security expenditures because they perceive security as a cost rather than an investment. The situation is changing as businesses increasingly embrace a cultural shift that acknowledges cybersecurity as a core business requirement.
ICT associations, the La Sapienza University Research Center of Cyber Intelligence and Information Security (CIS) and the National Interuniversity Consortium for Informatics (CINI) have recommended the adoption of “Fifteen Essential Controls” by businesses to reduce vulnerability and improve resistance to the most common cyberattacks. The critical controls to enhance security include device and software inventory, laws and regulations that are suitable for small firms, malware protection, password and account management, training and awareness, data and network protection. It has been estimated that the cost of implementing these security measures amounts to about $12,000 for a micro firm (up to 9 employees) and around $29,350 for small firms (up to 50 employees).
At the national government level, cybersecurity is considered a top priority. The Italian government presented the first ever National Cybersecurity Framework (NCSF) in 2015, much of which derives from the NIST Framework for Improving Critical Infrastructure Cybersecurity. The framework is a common reference to identify existing and future sector standards and regulations, and adoption is voluntary.
At the EU level, the Network and Information Systems (NIS) Directive took effect on June 26, 2018. It aims to raise levels of the overall security and resilience of network and information systems across the region. The Directive sets minimum baseline requirements to ensure better protection of critical infrastructures. It also sets basic principles for Member States for common minimum capacity building and strategic cooperation and directs operators of essential services (OES) and digital service providers (DSP) to ensure they apply basic common security requirements.
In Italy, most provisions of the NIS Directive were already implemented through the National Cybersecurity Framework and the National Plan for Cyber Protection and IT Security of 2017. The ministries identified as having regulatory authority over OESs include the Ministry of Economic Development, Infrastructures & Transportation, Economy & Finance, Health and Environment. The Security Intelligence Department (DIS) has been designated as the point of contact agency with the EU authorities.
Leading Sub-Sectors
Top market drivers include increased IT security awareness and enforcement of new government measures, while challenges stem from the adoption of new technologies and new business organizational models requiring the implementation of security measures such as secure mobility and virtualization (digital transformation processes). Public administration investments are expected for the protection of digital identity and critical infrastructures.
U.S. technology is highly regarded, and strong opportunities exist for American companies offering innovative and sophisticated products, as well as data and value-added services. Italy is a signatory of the Information Technology Agreement (ITA), a multilateral agreement which eliminates import duties on a large number of high technology products, including computers, telecommunication equipment, semiconductors, semiconductor manufacturing and testing equipment, software, scientific instruments, as well as most of the parts and accessories of these products. This applies also to products imported from the United States.
Strong opportunities exist in the following areas:
Software: Mobile security; Cloud security; secure content management; identity and access management solutions, including solutions for controlling access to physical and virtual servers; security/vulnerability management solutions; strong authentication software solutions; Identity Relationship Management (IRM) for Internet of Things (IoT); endpoint solutions.
Hardware: Unified Threat Management (UTM) appliances; firewall/VPN appliances; intrusion detection/prevention systems; secure content management appliances.
Services: Security management policy development; risk and vulnerability assessment; policy audit; policy enforcement consulting; management support consulting; managed security services; remote monitoring and management of security technologies.
Opportunities
The implementation of EU legislation and actions stemming from the National Framework and the National Cybersecurity Plan are expected to facilitate the growth of this market. As part of its Digital Agenda, the Italian government is planning to make considerable investments in digital identity protection to increase the security levels of digital transactions and therefore the trust of consumers; to guarantee that online privacy and data laws are enforced to protect citizens’ identities; and to activate warning systems to notify citizens when security breaches occur.
Web Resources
National Strategic Framework for Cybersecurity
http://www.cybersecurityframework.it/en
Italian Cybersecurity Association (CLUSIT)
https://www.clusit.it/homee.htm
Italian Association of Critical Infrastructures Experts (AIIC)
https://www.infrastrutturecritiche.it/
La Sapienza University Research Center of Cyber Intelligence and Information Security (CIS)
http://www.cis.uniroma1.it/en
Italian ICT Industries Association (Assinform)
http://www.assinform.com/
Italian Digital Agenda (Agenzia per l’Italia Digitale)
https://www.agid.gov.it/en
Public System for Digital Identity Management (SPID)
http://www.spid.gov.it/
Public Administrations make their most relevant purchases through public tenders open to both domestic and foreign companies. Tender announcements are published in the EU’s Tenders Electronic Daily (TED), https://ted.europa.eu/TED/main/HomePage.do. For information on public procurement in the EU, visit the U.S. Mission to the European Union website: http://export.gov/europeanunion/
Trade Event
Infosecurity Europe
London
June 2020
https://www.infosecurityeurope.com/
U.S. Commercial Service Contact:
Maria Calabria, Commercial Specialist
U.S. Commercial Service, U.S. Embassy Rome
Tel: +39 06 4674-2427
E-mail: maria.calabria@trade.gov
http://export.gov/italy
Prepared by our U.S. Embassies abroad. With its network of 108 offices across the United States and in more than 75 countries, the U.S. Commercial Service of the U.S. Department of Commerce utilizes its global presence and international marketing expertise to help U.S. companies sell their products and services worldwide. Locate the U.S. Commercial Service trade specialist in the U.S. nearest you by visiting http://export.gov/usoffices.