S2E and Corporate Cybersecurity: Prevent to Grow

by Roberto Obialero, CISO at S2E
Every October, the European Cybersecurity Month invites companies and citizens to reflect on the importance of digital prevention.
For S2E, which has long been an active participant and promoter of this campaign, it is a key moment to reaffirm a deep conviction: corporate cybersecurity is not an obstacle to business, but an enabler of it.
The Culture of Prevention in Corporate Cybersecurity
Today, nearly 40% of cyberattacks stem from phishing or social engineering, and the rise of artificial intelligence has multiplied attackers’ ability to create increasingly convincing fake content. For S2E, the first line of defense is people’s awareness. Investing in security awareness training turns education into a strategic tool.
Through dedicated platforms and gamification techniques, companies can make learning more effective and continuous, motivating employees to take an active role in protecting the business.
As Obialero reminds us: “Employees and collaborators must be on the front line of corporate defense. Security is a team effort.”
NIS2 and DORA: Regulations as Growth Opportunities
The NIS2 and DORA directives are often seen as bureaucratic constraints. In reality, Obialero explains, they are the natural result of an essential evolution: in the past four years, cyberattacks against Italian organizations have increased by 600%, accounting for about one-tenth of all global attacks (source: Clusit).
For this reason, Europe calls on companies - especially SMEs, which make up over 90% of its economic fabric - to adopt adequate tools to reduce risk. Compliance with the NIS2 directive and the DORA framework thus becomes an opportunity to reassess processes, governance, and technological priorities, improving prevention capabilities and allocating resources where they are truly needed.
A solid ICT governance framework allows organizations to measure, monitor, and improve the effectiveness of security measures over time by defining concrete KPIs and data-driven strategies.
Resilience as the New Form of Sustainability
In 2025, with the enforcement of NIS2 and DORA, the concept of cyber resilience takes center stage. It’s no longer just about defense, but about maintaining operations even under attack—ensuring business continuity.
This principle lies at the heart of regulations such as the Digital Operational Resilience Act and the Cyber Resilience Act, which introduce a structured approach to protecting software, data, and critical infrastructures.
According to S2E, the priorities for integrating corporate cybersecurity into sustainable growth in 2025 and beyond include:
- Developing a widespread culture of digital responsibility at every corporate level
- Strengthening third-party management, which increasingly represents a point of entry for attacks
- Adopting Security Operations Center (SOC) models capable of reacting and learning
- Continuously measuring and optimizing processes and resources through automation and governance
The Value of Corporate Cybersecurity in the Digital Future
The message from Cybersecurity Month 2025 is clear: security is a condition for growth, not a limitation. In a world where technology is pervasive, the difference lies in people, culture, and adaptability.
Corporate cybersecurity views this balance as a lever for competitiveness: cyber resilience is not just a regulatory requirement, but the way a company demonstrates that it is ready for the future.

