As prominent targets of cyber-attacks, financial institutions are progressively adopting advanced security practices to prevent and defend against threats while remaining functional. In doing so, they recognise that defensive measures alone are not sufficient. Instead, a holistic approach to cybersecurity is essential to ensure business and operational continuity. A comprehensive approach integrating people, technology and processes helps mitigate financial losses and reputational risks. In addition, legal frameworks and regulators play a pivotal role in managing cyber threats, promoting information sharing and enhancing a new model of collective defence. This study explores cyber resilience practices in the Italian financial sector, analysing people, technology and processes, based on qualitative interviews and consultations with cybersecurity experts from the Italian Cyber Security Research Hub. Findings reveal a shift from purely preventive measures to proactive response and recovery strategies, emphasising communication, board engagement and third-party risk management. The study offers practical insights for enhancing resilience beyond regulatory requirements. Policy recommendations propose a governance-driven framework that integrates compliance with adaptive and effective security practices.

Rajola, F., Gatelli, P., Iacopino, V., Governance Processes and Technologies for Cyber Resilience in the Financial Sector: The Italian Scenario, <<INFORMATION SYSTEMS JOURNAL>>, 2025; (special issue): 1-15. [doi:10.1111/isj.70023] [https://hdl.handle.net/10807/336206]

Governance Processes and Technologies for Cyber Resilience in the Financial Sector: The Italian Scenario

Rajola, Federico;Gatelli, Paolo;Iacopino, Valentina
2025

English

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10807/336206