The digital attack surface in Italy is growing year after year. In the first half of 2025, according to a survey by Radiocor-Borsa Italiana, Italian companies suffered 14 cyberintrusion attempts each. This figure confirms that our country is among the top targets in Europe, with a widespread impact on healthcare, manufacturing, public administration, and especially SMEs.
The problem is not limited to available technology: the real weakness remains the lack of widespread and up-to-date skills. Italy suffers from a structural delay in training professionals capable of managing cyber risks and incidents. As Pasquale Russo, academic director of the CyberUp Institute, explains:
“The digital transition is a race, but I often see companies and public administrations getting off on the wrong foot. Technologies advance, but skills lag behind: and this is the true target of cybercriminals.”
The Need for Human Capital
The European and international context, analyzed by research centers such as the Royal United Services Institute, confirms this trend: without qualified human resources, no technological infrastructure can guarantee resilience. In Italy, the demand for specialists in the coming years is estimated to be in the tens of thousands, covering various roles:
- SOC analysts and incident responders, essential for monitoring and responding to incidents;
- Digital forensics experts, capable of collecting evidence and reconstructing complex attacks;
- Certified network technicians and systems engineers (Linux, Cisco, Microsoft), essential for infrastructure management;
- Legal professionals and consultants up-to-date on GDPR, NIS2, and the Cyber Resilience Act, capable of supporting companies and professional firms.
Cybersecurity is not only a technical issue, but also a cultural and organizational one, requiring the participation of all levels of the company.
CyberUp Institute: Immersive and Certified Training
To close this gap, CyberUp Institute has developed a training model that integrates classroom instruction, practical simulations, and internationally recognized certifications.
The offering is divided into different paths:
- Employee and manager awareness, with a focus on the human factor and social engineering;
- Cybersecurity Technician and CyberOps Associate, professional courses ranging from 60 to 150 hours with preparation for Cisco, Linux, and Microsoft certifications;
- Incident Response and Forensics, practical modules for SOC teams and IT professionals;
- Secure Development, for programmers who need to integrate security into the software lifecycle.
A distinctive feature is the use of Cyber Arenas, both physical and virtual, where participants face realistic attack scenarios in Red vs. Blue Team mode or in Capture the Flag competitions. This experiential approach not only trains technical skills, but also the ability to react under pressure.
Prevention and awareness are key
The guidelines emerging from studies such as those by Agenda Digitale and Bizzit converge on one point: prevention is the most effective strategy. Secure backups, network segmentation, strong authentication, and ongoing training are the fundamental pillars. However, without trained personnel, these tools remain underutilized.
For Russo, the challenge is above all cultural:
“Ninety percent of attacks exploit the weakest link: humans. It is no longer enough to say “IT will take care of it”: security is a governance responsibility and must be shared by the entire organization.”
Conclusions: a national priority
The future of Italian competitiveness also depends on the ability to protect data, patents, and industrial know-how. Investing in cybersecurity training is not an expense, but a multiplier of resilience and innovation.
In this scenario, organizations like the CyberUp Institute take on a strategic role: creating the next generation of Italian cyber defenders, prepared to protect SMEs, public administrations, and critical infrastructure.
If Italy truly wants to consolidate its digital transition, it must invest now in training not hundreds, but thousands of new experts. Only then can cybersecurity become a cornerstone of economic growth and national technological sovereignty.