FOREWORD
This document was born within the working group on “Cyber Resilience of Critical Infrastructure” of Unindustria with the collaboration of the Association of Security Managers AIPSA and the Cyber 4.0 Competence Center.
The objective behind the work was to help SMEs, both regionally and nationally, to assume a better cyber security posture in the belief that this is as crucial to protect the national production fabric (made up for the vast majority of small and very small businesses) as it is to ensure the proper functioning of infrastructures vital to the country that see a myriad of small businesses as their suppliers.
Unfortunately, the cyber threat is increasingly topical and is such that inadequate management of it can expose, especially medium-small realities, to devastating setbacks that can even lead to the bankruptcy of the individual industrial reality. Large business realities have understood this issue and have long implemented specific programs with the aim of putting in place a virtuous process to constantly raise corporate culture and technological solutions so that they are adequate to cope with the cyber scenario.
The same cannot always be said for SMEs characterized in large part by a lack of specific cultural competencies that lead primarily to a minimalist view of the issue resulting in an underestimation of the seriousness and a tendency to allocate scarce economic resources to aspects perceived as more profitable. To provide an alternative view, with this paper we set out to highlight how “expenditures” in cyber security, provided they are well directed, are primarily “enabling investments” for the consolidation and resilience of any company’s business.
Indeed, as evident from reading this paper, the requirements of an appropriate cyber posture are increasingly considered essential by large industrial entities to accredit a company as their supplier. This trend is likely to increase in the coming years in light of the growing awareness at all levels of the relevance of the cyber issue and thus the willingness on the part of large industrial groups to preserve their reputation by imposing an appropriate cyber posture on their suppliers.
As discussed in more detail in the next section, the survey involved 32 companies, some of which saw fit to reveal themselves as participants in the analysis and whose list is given in the title page of this paper. Others preferred to remain anonymous.
To all those who wished to contribute to the survey goes our unconditional applause and thanks as well as we are obliged to thank our colleagues in Unindustria who have fruitfully collaborated by creating the links and channels of contact with the various realities of Lazio and beyond.