The introduction to the appointment with the Clusit 2020 Report was the prerogative of Gabriele Faggioli, president of the Clusit Association.
A totally online edition, recalls Faggioli, made necessary by the emergency Covid-19. It is a special year for Clusit, full of events of deepening and institutional relations (for example, with the Privacy guarantor and with the Senate of the Republic). The important work of data collection and critical analysis is the focus of Clusit, and the pandemic certainly did not reduce the amount of work (it has encouraged it).
There are over 250 startups active in cybersecurity financed by the market, and unfortunately only 2% of these are Italian.
Since, continues Faggioli, Italian talents certainly do not lack, this implies that our best skills have obtained funding abroad, going to enrich other nations.
The average amount of Italian funding is also ludicrous: while abroad these startups get on average $15 million each, in Italy we struggle to reach a single million dollars. A report 15 to 1, underlines the president of Clusit, who explains all too well the reasons why Italy is running out at the bottom of the cybersecurity ranking. Creating jobs in this area requires public and private funding, notes Faggioli, and it is really difficult to blame him.
Investment in cybersecurity solutions should be distinguished by size of organisations. In large enterprises, there is a clear increase in the attention to cybersecurity, and consequently expenditure is growing significantly. On the contrary, the EMIs do not show equal attention to this area and a regulatory push would certainly have a fundamental role to play.
According to the Clusit 2020 report, the growth of cybersecurity spending this year will probably be flat. In this case, the impact of the pandemic and the resulting collapse of the necessary funds is evident.
The ratio of GDP to cybersecurity spending is very negative, as we are 0.07%. By comparison, France invests almost three times as much as we do, and the United Kingdom almost five times as much.
On the other hand, we are experiencing a rushing digital transformation. Faggioli recalls that, although this growth was mostly immediate and not designed, this has led to a much wider diffusion of digital tools. Clusit hopes that the legislator will intervene to regulate and guide this path, to put cybersecurity at the center of this technological path.
Having safe approaches by default is crucial, as it is much less complex than securing ex post existing solutions.
Moreover, that malware and phishing are still at the top of cyber attacks, this implies that the success rate is still high. These attacks are largely linked to the lack of awareness of users, and indicate how much work still needs to be done on this issue. According to the Clusit 2020 report, elevating awareness is the first way forward.
To achieve results in this area, institutions must be involved, and in the hearing at the Senate Clusit suggested setting up courses that concern the school system, as well as forms of communication similar to the Advanced Advertising.
Clusit 2020 report, cybercrime data
Andrea Zapparoli Manzoni has entered into detail of the data on serious attacks collected by Clusit.
Attacks that have grown since 2014 by over 200% to date, with a trend that has never stopped growing.
In fact, as of 2018, cyber criminals have increased both the number and the strength of their attacks.
The Clusit 2020 report shows that the United States remains the target of the attackers with more than 45% of the cases. However, Europe also grows in this ranking, from 9 to 15% of the total. According to Zapparoli Manzoni this is partly attributable to the obligations to communicate data breach following the law of the Gdpr.
In the detail of the attackers, the percentage of cybercriminals is now the predominant part and well above 80% of the total, at the expense of the hacktivism, now with marginal shares of the total.
That a huge number of successful phishing attacks were Covid-themed (over 40%) is bleak, Clusit points out.
Again the theme of awareness and basic lack of competence is again: it is always the human factor that is the weakest in all.