The report
On 12 March 2026 in Rome, the third Cyber Index PMI report was presented. It is an initiative promoted by Confindustria and Generali, with the scientific contribution of the Osservatori Digital Innovation at Politecnico di Milano and the institutional partnership of ACN (Agenzia per la Cybersicurezza Nazionale, Italy's National Cybersecurity Agency). The study measures the level of awareness and maturity of Italian small and medium enterprises in cybersecurity.
The data
The average score of Italian SMEs stands at 55 out of 100, below the sufficiency threshold of 60 but up 3 points from 2024. The maturity distribution paints a still-critical picture:
- 16% of SMEs classified as “mature”
- 32% “aware”
- 38% “informed”
- 14% “beginners”
A particularly significant finding: 1 in 4 SMEs suffered a cyber breach in the past three years. The report also highlights a considerable maturity gap between small and medium enterprises, with smaller companies still lagging far behind.
What it means for SMEs
The results confirm that the majority of Italian SMEs have not yet reached an adequate level of protection. With the obligations introduced by the NIS2 Directive now in effect and cyber threats on the rise, postponement is no longer an option. Businesses need to adopt structured security measures, moving from a reactive approach to a systematic, documented one that includes periodic assessments, formal policies and incident response plans.
How to improve
The first step is to measure your current security posture. Our free assessment based on the NIST CSF 2.0 framework provides a structured evaluation of your organisation's strengths and areas for improvement in just a few minutes. From there, you can define a concrete path towards greater resilience, supported by ATWS cybersecurity services.