The Bank of Italy published “The Cyber Risk of Non-Financial Firms”, presenting a new indicator of cyber risk vulnerability for Italian non-financial companies and arguing that cyber risk should be incorporated into credit risk assessments given potential effects on business continuity. The indicator combines natural language processing and a large language model applied to information drawn from firms’ financial statements, news reports and cyber industry reports. It relies on an Italy-tailored taxonomy that captures, across a large and heterogeneous firm sample, the occurrence of cyberattacks, the degree of regulatory compliance, and the use of cyber defence technologies and security certifications. The analysis notes that cyberattacks in Italy have been rising since 2019 and finds that the post-incident increase in firms’ vulnerability outweighs the mitigating effect of defensive actions, which take time to materialise, while disclosure on cyber risk in official reporting typically increases only after an attack.
Bank of Italy 2026-01-19
Bank of Italy publishes research building a cyber risk vulnerability indicator for Italian non-financial firms
The Bank of Italy's study, “The Cyber Risk of Non-Financial Firms,” introduces an indicator for assessing cyber risk in Italian non-financial companies and advocates its inclusion in credit risk assessments. Using natural language processing and a large language model to analyze financial statements, news reports and cyber industry reports, the study finds that cyberattacks in Italy have increased since 2019 and that post-incident vulnerability often surpasses the benefits of defensive actions.