The Bank of Italy published an exploratory survey on the Italian market for cybersecurity testing services, focusing on the supply of Threat-Led Penetration Testing (TLPT) as EU digital operational resilience rules (DORA) require certain financial institutions to conduct advanced cybersecurity tests. Based on a voluntary-response questionnaire, the paper assesses the sector’s size, market structure, service volumes, enabling factors and barriers. It finds a dynamic and growing market dominated by domestic providers, with TLPT service provision concentrated among a small number of players. The supply side shows significant variability in resources allocated to individual services, suggesting offerings are not yet fully standardised, with regulatory frameworks coexisting alongside proprietary methodologies. Key obstacles identified include shortages of skilled professionals and persistently high costs.
Bank of Italy 2025-09-23
Bank of Italy survey finds Italy’s threat-led penetration testing market is growing but concentrated and constrained by skills shortages
The Bank of Italy released a survey on the Italian market for cybersecurity testing services, highlighting the supply of Threat-Led Penetration Testing (TLPT) amid EU digital operational resilience rules. The study reveals a dynamic market dominated by domestic providers, with significant variability in service standardization and challenges such as skilled labor shortages and high costs.