Introduction
Why Cybersecurity Matters — And Not Just for the Tech Industry
A breach might start with a keystroke, but its echo depends on who’s listening.
In today’s digital society, cybersecurity can no longer be dismissed as a purely technical issue or a concern reserved for IT departments. One breach is enough to expose the personal data of millions, shake financial markets, and erode the trust between a company and its customers. But beyond the corporate boardrooms and security operation centers, there is a deeper, more human layer to every cyberattack and it’s unfolding online, in real time.
A Look Inside the Noise: Reddit as a Mirror of Cyber Perception
While news headlines often spotlight big attacks and corporate responses, platforms like Reddit offer a bottom up perspective, revealing what people actually say, feel, and fear when facing digital threats.
By analyzing thousands of Reddit comments and posts mentioning terms like phishing, data breach, ransomware, or zero trust, a more complex picture emerges. Conversations aren’t always polarized; users express both concern and confusion, sometimes anger, sometimes surprise. And the volume of posts is growing, suggesting that cybersecurity is no longer a niche topic but it’s becoming a mainstream, lived experience, especially for those who’ve had their identities stolen or accounts compromised.
This growing discourse, rich in emotion and nuance, underscores a simple truth: cybersecurity is not just about systems, it’s about people.
What the Emotions Reveal
As shown in our emotion analysis (see technical insight), most users express negative emotions (fear, anger, frustration) when discussing cyber incidents. However, there are also traces of relief, curiosity, even humor, proving that digital threats are woven into the emotional fabric of online life.
These aren’t just isolated incidents; they are a reflection of how modern society processes risk, privacy, and trust in the digital age.
Our Approach: Beyond Firewalls and Forensics
In light of this, our project adopts a systematic, graph-based approach to cyber threat intelligence, one that acknowledges not just the technical structure of attacks, but also their social and economic dimensions.
From data and maps to media coverage, public sentiment, company responses, investment flows, and technical knowledge, this investigation aims to decode the full lifecycle of cyber threats, with a particular focus on Italy.
Map the Hack
Since 2020, the world has witnessed a sharp rise in cyberattacks, marking a clear upward trend that shows no sign of slowing down. This phenomenon spans across all continents, with North America experiencing the most pronounced growth, though it’s worth noting that the dataset we analyzed is mostly U.S.based, which may partly explain the spike. Europe follows closely, highlighting the global scale of the threat and reinforcing the importance of a focused regional analysis. This escalation is closely linked to the rapid digital transformation triggered by the COVID-19 pandemic, which compelled organizations, institutions, and individuals to adopt digital technologies at an unprecedented pace, often without adequate cybersecurity safeguards, accelerating digital adoption by three to four years in many sectors. As we shift our focus to comparing trends within Europe, and specifically between Italy and the broader region, this context becomes especially relevant.
Following this overview, our data identified Italy as the second most targeted country in Europe, with around 900 attacks, trailing only the United Kingdom, which recorded approximately 1,500. The gap is significant, yet Italy clearly remains a primary target. Other major European powers like France, Germany, Spain, and Russia also rank among the top, though they fall behind Italy in total incidents. On a global scale, Italy still holds a prominent position, ranking fourth overall (after USA, UK and Canada). The United States dominates the landscape with a dramatically higher volume of attacks, underscoring both the scale of the threat and the importance of regional resilience.
When comparing Italy’s cyber-attack trend to the European average, a clear divergence emerges. In certain years, such as 2017 or 2020, the numbers were nearly aligned, suggesting a comparable threat level. But shortly thereafter, Italy’s curve began to rise steadily, with sharp peaks starting around 2021. This contrasts sharply with the broader European trend, which has remained comparatively moderate. This gap highlights the urgent need for focused attention on Italy, where cyber threats are escalating at a faster pace, calling for targeted, localized analysis and response. The plot depicting this comparison uses Italian cyber-attack data alongside a population-weighted European average, calculated using 2024 population figures per country to provide a more accurate regional context.
This brings us to the core of our investigation: who is being targeted the most in Italy and why? To better understand this phenomenon, it’s essential to first clarify the structure of the Italian corporate landscape. The characteristics of the national business ecosystem play a key role in shaping both the exposure and vulnerability of different actors. The overview below provides a snapshot of this landscape, setting the stage for a deeper analysis of attack patterns and motivations.

The infographic is based on data from ISTAT (2022), not the most recent, but still a reliable reference for outlining the structure of Italian enterprises. According to this data, Italy hosts a large number of businesses, the vast majority of which are micro and small enterprises, making up 78.9% and 18.5% of the total, respectively. This small-scale composition has important implications for cybersecurity readiness and resilience. In terms of geographic distribution, there is a clear regional divide: the North of Italy dominates; specifically, the North-West accounts for 28.7% of these businesses, while the North-East follows with 22.7%.
This foundational overview helps contextualize which types of organizations are more exposed to cyber threats and why. Understanding Italy’s business landscape is essential not only for assessing organizational readiness, but also for interpreting where and how cyberattacks unfold. Building on this, we turned our attention to the geographic distribution of attacks, examining not just their frequency, but how they align with the economic and structural profiles of each region.
When examining the distribution of attacks across Italian regions, both in terms of raw incident counts and data normalized by the number of companies and total regional revenue, Lombardy unsurprisingly emerges as the most targeted region, followed by Lazio. Overall, cyberattacks appear more concentrated in Northern Italy, a trend aligned with ISTAT data showing that over 50% of Italian companies are based in the North. However, Lazio still stands out. Even when adjusting for business density, it ranks among the most attacked regions, likely due to the concentration of public administration institutions in Rome, which might represent a target for ideologically motivated threat actors.
Italy ranks among the lowest in Europe for digital skills: according to the Digital Economy and Society Index (DESI), only 46% of Italians had at least basic digital skills in 2021, far below the EU average and well behind countries like the Netherlands and Finland (both at 79%). This digital gap is particularly pronounced in Southern Italy, often perceived as more vulnerable to cyber threats due to lower levels of digital readiness.
When attacks are normalized by regional revenue, Lazio remains prominent, alongside wealthy industrial regions like Lombardy, Piedmont, and Emilia-Romagna. Interestingly, several Southern and Central regions, such as Campania, Umbria, and Molise, also appear disproportionately targeted. This may reflect the presence of high-revenue enterprises within otherwise smaller business ecosystems, making them attractive targets for financially motivated threat actors. Overall, the distribution underscores that cybercriminals tend to prioritize economic value and digital surface area, rather than focusing solely on raw company numbers or regions perceived as less prepared.
Zooming in: Cyberattacks across Italy, one incident at a time
Beyond the numbers and trends, each cyberattack tells a story, of disruption, vulnerability, and intent. This map brings those stories into focus, marking the real-world locations where digital threats have struck Italian organizations. From ransomware assaults on manufacturing firms in Lombardy to breaches in public institutions across Lazio, the geography of cyber risk mirrors the country’s economic and institutional footprint. Some regions emerge as hot spots; others reveal isolated but high-impact incidents, each one leaving behind a trail of consequences, some still unfolding. This view reminds us that cybersecurity is not just a systemic issue, it’s a local one, too. Behind every point on the map is a breach that mattered.
When analyzing the Italian dataset more deeply, a recurring pattern emerges: the most targeted sector is Manufacturing, followed by Public Administration.
Sector-specific data confirms these vulnerabilities: in 2023, the manufacturing sector accounted for 13% of all cyberattacks in Italy, more than twice its global share (Muscope report). This makes it a clear target for ransomware groups and threat actors aiming to disrupt production or exfiltrate valuable data. A complementary perspective based on organization size reinforces this narrative: SMEs account for more than 400 attacks, representing over half of all recorded incidents. This aligns with ISTAT data showing that SMEs make up the overwhelming majority of Italian businesses. Public Administration, the second most attacked sector, also ranks high by size category.
While Italy does not rank among the most digitally advanced countries in the EU (report ENISA), its position as one of the most frequently targeted by cyberattacks may, paradoxically, stem from that very imbalance. As one cybersecurity expert we interviewed explained:
If all intrusions were actually detected and publicly reported, Italy would likely top the European charts.
According to this perspective, Italy’s vulnerability lies not only in the number of connected systems, but in how unprepared many institutions are to secure them. Three core factors were cited. First, there’s a widespread lack of cybersecurity expertise at the decision-making level, both within companies and in the public bodies meant to protect them. Cybersecurity governance is often assigned to professionals with legal or administrative backgrounds, who may lack the technical expertise required to keep pace with fast-evolving digital threats. Second, security is still widely perceived as a cost rather than a strategic investment, a cultural mindset that ultimately discourages proactive defense. Lastly, the Italian cybersecurity market is dominated by few large enterprises with ties to the defense sector, whose priorities are often misaligned with the needs of Italy’s industrial backbone (small and medium enterprises). This leads to a slow and uncoordinated response system, leaving much of Italy’s digital infrastructure vulnerable to attacks.
Together, these findings reflect a broader trend: cybercriminals prioritize sectors where disruption is most impactful, and defenses are uneven. This raises a critical question: are certain threat actors consistently targeting specific industries in Italy and if so, why? The answer can reveal strategic intent, ranging from financial motives to ideological agendas, and help prevent future risks.
The following section explores this dynamic in greater detail, examining how key threat actors operate in Italy and which industries they pursue most aggressively.
The data highlights how different sectors are targeted in different ways. LockBit 3.0 is the most active and geographically distributed group, with a distinct preference for Manufacturing, echoing the earlier finding that this sector is the most targeted. Its predecessor, LockBit 2, displayed a broader distribution, with a notable presence in Retail and General Services, but less strategic focus overall. By contrast, politically motivated actors like Noname057(16) and LulzSecITA mainly targeted Public Administration, largely bypassing manufacturing. This suggests a goal not of profit but of visibility, through public disruption or data leaks, exploiting institutional vulnerabilities.
A look at timelines further illustrates these dynamics. As of June 2025, only a few groups, Akira, Cactus, Rhysida, 8Base, and Lockbit 3.0, remain active in Italy, reflecting a possible shift in ransomware models. Meanwhile, LulzSecITA’s campaigns ended by 2020, and LockBit 3.0 appears to have seamlessly replaced LockBit 2, suggesting operational continuity. The first LockBit 3.0 attacks followed immediately after LockBit 2 ceased operations, indicating rebranding, not retirement.
Another layer of analysis explored whether these actors are Italy-specific or operate across Europe. The answer is nearly unanimous: 14 out of the top 15 actors active in Italy also conduct campaigns throughout Europe. The only exception is Sandworm, a Russian state-sponsored group known for critical infrastructure attacks. Its absence in Italy likely reflects a strategic focus on more geopolitically sensitive targets elsewhere in Europe (MITRE ATT&CK).
To conclude our exploration of cyber actor dynamics, we conducted a clustering analysis of behavioral patterns and target preferences. This yielded 10 distinct groups, all showing intense activity in Lombardy, Italy’s economic engine, and in Lazio, specifically cluster 2 and 8, a region rich in institutional targets. Cluster 3 stands out for its exclusive focus on Veneto, perhaps drawn by local industry or regional vulnerabilities. Overall, the clustering confirms that regional economics, especially those with dense concentrations of SMEs and public assets, remain priority targets for cyber threat actors.

From Breach to Awareness: Is the Threat Truly Understood?
This deep dive into sectoral and regional patterns confirms a fundamental truth: Italy’s most productive and institutional regions are at the center of its cyber threat landscape. Whether due to economic weight, critical data exposure, or structural weaknesses, these areas face elevated and persistent risks. But here’s the real question: does the public understand the scale of this threat? In an age where ransomware can stop hospitals from working, leak court information, or shut down factories, one would expect cyberattacks to dominate headlines and shape national policy conversations. And yet, visibility doesn’t always match severity. The next section shifts focus from the attackers to the narrative, how cyber incidents are portrayed in Italian media, acknowledged by institutions, and ultimately perceived by society.
Breaking the Net
The Silent Breach: Most Cyberattacks in Italy Go Unreported
After mapping out the landscape of cyberattacks in Europe and zooming in on Italy to identify the main threat actors, the most affected regions, and the techniques most frequently used we now turn to a crucial but often overlooked aspect: how these incidents are reflected in the public sphere. Between 2015 and 2025, we identified around 900 cyberattacks targeting Italian companies. Yet only 17% of them were actually covered by the media. This finding comes from a dataset we compiled by matching each documented attack (by date and organization name) against roughly 8,000 articles from both mainstream and cybersecurity-focused outlets. The chart below visualizes this gap: each dot represents a cyberattack, but only the darker (orange) ones were picked up by the media. The rest the majority went unreported. While the frequency of attacks rises sharply over time, especially after 2020, media attention remains largely stagnant. This disconnect suggests a broader problem. Underreporting doesn’t just obscure the scale of the threat it also undermines public awareness, corporate accountability, and the development of effective cybersecurity policy.
Niche Networks, National Silence
So, while attacks are increasing in both frequency and severity, the information about them struggles to reach the wider population, weakening Italy’s collective ability to respond, prepare, and build a stronger cybersecurity culture.
Furthermore, if we dig deeper into the few cases that were covered by the media, another pattern emerges. Most of these reports come from cybersecurity-focused outlets and specialized industry publications that primarily reach a niche audience. This raises an important issue: the general public, who typically relies on mainstream media, is largely left in the dark. Our analysis shows that traditional news organizations rarely report on cyber incidents, even as their frequency and impact grow. In other words, while the attacks exist, their visibility in the broader public discourse does not.
We also looked at the tone of the articles published and found no major differences between industry-specific outlets and mainstream newspapers. As a result, communication around cyber threats in Italy remains limited and fragmented. The lack of broader media coverage contributes to low public awareness and understanding of cybersecurity risks despite their growing relevance in everyday life and business.
So, while attacks are increasing in both frequency and severity, the information about them struggles to reach the wider population, weakening Italy’s collective ability to respond, prepare, and build a stronger cybersecurity culture.
Which Sectors Make the Headlines?
After this broader analysis, we turned our attention to the types of industries affected by cyberattacks and how the media responds to them in both visibility and tone. The first chart shows the average number of articles published per attack across different sectors a measure of media attention. Strikingly, utility companies (such as electricity, gas, and water providers) top the list, despite having been targeted only three times during the observed period. This suggests that attacks on critical infrastructure regardless of how frequent they are trigger disproportionate media coverage, likely because of their potential consequences for national security and daily life.
At the other end of the spectrum, sectors like accommodation and food services, mining, and certain professional services receive far less media attention, even when incidents occur. These cases often go unnoticed or are reported in niche outlets only.
The second chart breaks down media sentiment by industry. Again, utilities stand out with a significantly higher share of negative-toned articles. This is likely tied to the alarmist framing often used when essential public services are at risk, where urgency and public impact dominate the narrative.
In contrast, industries that receive less attention such as transportation, retail, and hospitality show a very different picture: sentiment tends to be neutral or even slightly positive, when covered at all. These attacks may be seen as less critical or less sensational, and are therefore communicated with a softer tone or ignored entirely.
This contrast underscores an important dynamic: media visibility and tone are not just shaped by how often an industry is targeted, but by how “newsworthy” an attack is perceived to be. Critical infrastructure gets headlines and alarm while other sectors often stay in the shadows, regardless of the real risks involved.
What the Media Talks About - And What It Doesn’t
By applying topic modeling (LDA) to the articles covering cyberattacks on Italian companies, a clear pattern begins to emerge. Media narratives appear to focus predominantly on cyber threats and attack techniques, with far less attention given to topics like corporate data protection, technical vulnerabilities, or cybersecurity regulations. This likely reflects a tendency to report on the event itself the how and what of the attack rather than delving into the underlying causes or preventive measures. As a result, the broader context around cybersecurity often remains in the background, leaving key structural issues underexplored.
Cybersecurity: What We Say, What We Mean
As our earlier analysis shows, not all industries receive equal media attention when targeted by cyberattacks. Utilities such as energy and water providers attract disproportionate coverage, likely due to their strategic importance. Sectors like transportation, logistics, or food services, on the other hand, receive little to no attention, even when affected. This asymmetry suggests a deeper issue: a communication gap between real-world risk and public visibility. To better understand this gap, we moved from the “who” to the “how” analyzing the language and emotional tone of cybersecurity coverage across generalist and specialist media outlets. What narratives do they construct? And what kind of sentiment do they project?
The chart above highlights the top 20 most distinctive words used by each type of source, using TF-IDF differential. Mainstream media often center their language on individuals and incidents, with tokens like “hacker,” “attacco,” “utente,” “online,” “password”. These terms frame cybersecurity as sudden, alarming, and personal. The stories are reactive, emotion-driven, and aimed at a broad audience.
Sector-specific outlets, in contrast, use a vocabulary rooted in governance and institutional frameworks: terms like “gdpr,” “trattamento,” “aziendale” and “titolare”. These articles speak to professionals, framing digital security as a matter of planning, accountability, and process not panic. This divide becomes even more apparent when we analyze sentiment by named entity.
By analyzing the most frequently mentioned entities in our dataset, we observe a significant shift in sentiment depending on the type of media source.
In sector-specific publications, the average sentiment tends to skew more positive or neutral, especially when discussing institutional actors involved in cybersecurity legislation such as EU the European Commission, or national regulatory bodies. Similarly, large corporations working on cybersecurity solutions are often framed in a constructive light, reflecting themes of innovation, compliance, and digital transformation.
In contrast, general news outlets show a more negative sentiment, particularly in connection with entities like Facebook, the FBI, or even the Senate typically in the context of surveillance concerns, data breaches, or regulatory inaction. These platforms and institutions are often portrayed as part of the problem rather than the solution.
This divergence is the key and reflects two distinct media ecosystems: one that interprets cybersecurity as a technical challenge, and one that dramatizes it as a social or political crisis.
When Optimism Stays in the Echo Chamber
What do we really talk about when we talk about cybersecurity? By measuring the average sentiment across dominant topics and sources, a striking pattern emerges: positive tones are almost reserved for sector-specific publications, and only when discussing corporate security and legal compliance. These include discussions on enterprise level risk management, GDPR enforcement, and organizational resilience themes treated with a sense of control, even optimism. Everywhere else, the tone shifts.
In mainstream journalism, where the audience is broader and less specialized, the sentiment trends negative across the board. Stories around personal privacy, digital fraud, or user tracking are overwhelmingly framed in critical terms, with few signs of hope or solutions. The most negative tones appear when users and their devices are at the center of the narrative.
The contrast is even sharper when the same topic is handled by different sources. For example, corporate cybersecurity is portrayed by industry media as an evolving opportunity a space of innovation and strategic growth. But in the general press, it’s nearly absent unless tied to crisis, scandal, or systemic failure.
Clustering analysis also reveals a fragmented cyber discourse. Sector-specific publications tend to focus on regulatory compliance and enterprise risk, usually adopting a neutral or critical tone except in 2024, when optimism emerges around corporate cybersecurity success stories. In contrast, general media emphasizes personal privacy and cybercrime, often with emotional and negative framing, especially during crises like the pandemic. Notably, the only positive sentiment cluster originates from the sector suggesting that optimism is largely internal and professional. Even shared topics, like corporate cybersecurity, are portrayed very differently: as progress in the sector, and as crisis in the public media narrative.
This divergence reveals more than just editorial choices: it points to a split in how cybersecurity is understood, communicated, and emotionally processed, depending on who’s talking and who’s listening. In short, confidence lives in the sector. Concern dominates the public sphere. And that divide might be exactly what’s preventing Italy from building a truly shared cyber resilience culture.
A Communication Gap That Shapes Action
This gap isn’t just semantic, it’s strategic.
If the perception of cybersecurity remains focused solely on breaches and blame, while technical sources highlight regulation, governance, and risk management, the broader public may fail to grasp the full scope of what’s at stake.
This discrepancy is confirmed by recent research.
According to the Cyber Index PMI 2024, only 15% of Italian small and medium enterprises have a strategic approach to cyber risk. Over half (56%) still lack awareness or tools to react effectively. The disconnect is not just about capacity , it’s about narrative. If risk is not communicated with clarity and realism, action will lag behind awareness.
A 2024 cross-cultural study further supports this view:
While Italians acknowledge cyber threats as real, they tend to adopt a passive, delegated approach, trusting institutions or service providers to take care of security. Compared to countries like Germany or the UK, Italy stands in the middle tier: aware, but not proactive.(paper)
A Final Call: Words Are Not Just Words
When cyber language is fragmented, so is the response.
From newsrooms to boardrooms, from small and medium enterprises to government agencies, the way we talk about cybersecurity shapes the way we invest, legislate, educate, and defend.
The good news? The data shows change is possible. Positive narratives do emerge especially when solutions, not just threats, are placed at the center. But to bridge the communication gap, we need more than analysis. We need a shared language, one that makes cybersecurity not just a technical domain, but a collective priority.
Cyber Q&A
Shared Knowledge: The Intelligent Graph Bridging Cybersecurity Gaps
In cybersecurity, the communication gap is as critical as the technical one. On one side, we have mainstream media amplifying panic around cyber threats. On the other, trade journals speak a language so technical that it alienates most corporate professionals. Stuck in between are companies eager to train staff, yet often ill-equipped to explain the very threats they face.
To bridge this divide, we’ve developed an intelligent knowledge graph: a dynamic, visual tool that turns complex cyber data into structured, explorable insights. Designed not for the public at large, but for use in corporate training courses, the graph acts as a semantic map of the cybersecurity landscape, supporting workshops, awareness sessions, and post-training engagement.
Rooted in the MITRE ATT&CK framework and enriched with peer-reviewed research from PubMed, Crossref, and arXiv, the graph hosts over 4,000 nodes connecting attack techniques, malware families, vulnerabilities, countermeasures, and more. Need to understand how a ransomware campaign exploits a specific vulnerability? Or which mitigations align with spear phishing? The graph doesn’t just hold that knowledge, it makes it navigable.
Even more powerfully, the system integrates a local LLM (Mistral 7B) capable of answering natural language queries using context from the graph itself. Ask a question like “Which mitigations are most effective against credential dumping?” and get a grounded, explainable response. Combined with interactive visualizations and slide generation, it becomes a training companion, not just a data tool.
The Communication Gap Is Real
According to the 2° CensisIISFA (2023/2024) Report, 20.8% of Italian workers still don’t know what “cybersecurity” even means, up from 17.1% the year before. Meanwhile, over 1 in 5 employees have witnessed a cybersecurity incident in their workplace in the last year, ranging from service disruptions to data breaches. And yet, much of the training still relies on static materials and vague definitions.
In this context, tools like our knowledge graph aren’t just useful, they’re necessary. They educate. They contextualize. They make cybersecurity make sense.
From Attacks to Awareness: A Graph That Connects the Dots
What begins as a cyberattack often ends in headlines, yet rarely in real understanding. Public narratives tend to dramatize, while companies react with urgency, investing in solutions they may not fully grasp. Somewhere between the breach and the boardroom, technical knowledge gets lost in translation.
This is where our graph steps in: not just as a visualization tool, but as a way to connect data, expertise, and communication into a cohesive system of shared understanding. It links threats to research, concepts to countermeasures, and people to meaning, helping turn reactive defenses into informed strategies.
Because in cybersecurity, visibility isn’t just about network logs: it’s about making knowledge itself visible.
So the real question becomes: Are we truly prepared? In the invisible war, who protects whom and who’s investing to keep us safe?
Conclusions
Research vs. Reality: Italy’s Cybersecurity Investments Under the Microscope
Over the last decade, Italy has steadily climbed the European cybersecurity ladder, at least on paper. According to data from Horizon 2020 and Horizon Europe, the country ranks third in terms of net cybersecurity funding received, behind only Spain and Germany. From 2015 onward, Italy’s involvement in EU-backed research projects has grown consistently, peaking in 2021 with 115 active initiatives.
This trajectory suggests a country that, even before the surge in cyberattacks, was aware of the need to strengthen its digital defenses: a sign of strategic foresight in the face of accelerating digitalization.
But while the research ecosystem expanded, so did the threats. In 2023, Italy recorded its highest-ever number of cyberattacks against companies, continuing a trend that began around 2021, the same period during which funding reached its peak.
This overlap raises a critical and still unresolved question:
Are these investments paying off in the real world?
At present, the answer is unclear. It’s possible the benefits of funding are simply delayed, that is that training, infrastructure, and innovation need time to convert into effective defense mechanisms. But another possibility looms: that the translation of research into operational security is too slow, too fragmented, or even misaligned with the actual needs of Italian businesses.
This isn’t just a budgeting issue, it’s a structural one. The numbers tell one story, but they also invite a deeper investigation:
Does Italy’s cybersecurity model need a rethink? And if so, where should we start?
To explore this further, we asked an experienced voice in the cybersecurity field for their honest view on the situation. Here’s what they shared:
As far as I know, the increase in projects hasn’t brought any significant or visible benefits. It mainly reflects better organizational capacity in the Italian ecosystem to apply for and manage funds. I haven’t seen more strategic selection of projects, nor clear impact in terms of cybersecurity outcomes or the emergence of new actors in the field.
For example, Spain has focused its funding on building infrastructure and labs. In contrast, in Italy, a large portion of funds has gone toward increasing precarious or part-time roles in public and private organizations. In the short term, this boosts fund usage rates, but in the long term, it brings little benefit, and even creates social costs, as we’re seeing in the academic sector.
Their words offer an honest reflection and leave us with a crucial, open-ended question:
Will these investments eventually strengthen Italy’s cybersecurity landscape, or do we need to rethink how research is connected to real-world needs and resilience?”
A System That Knows, But Can It Act?
This disconnect highlights a deeper issue: cybersecurity isn’t just a technical problem. It’s a systems problem spanning infrastructure, education, policy, communication, labor, and equity.
We can’t protect what we don’t understand, and we can’t defend with isolated tools. What we need is an ecological vision of cybersecurity: one that connects institutions, individuals, technologies, and knowledge in a way that is resilient, transparent, and inclusive.
Because the question is no longer whether the threats are real. It’s whether our response is coherent, and whether it reaches those who need it most.