Skip to main content
European Digital Innovation Hubs Network

Raising awareness on Cybersecurity risks and mitigations in the corporate context

Raising awareness on Cybersecurity risks and mitigations in the corporate context banner
Raising awareness on Cybersecurity risks and mitigations in the corporate context
Published at 03 March 2025 | Italy

General details

EDIHs involved

Customer

EDIH logo
Customer type: SME
Customer size: Small (10-49)

Services provided
Training and skills development
Technologies
Cybersecurity
Sectors
Security
Education

Challenges

Spaziottantotto, a consultancy, professional training, and information technology company, was born from the Incubator of Innovative Enterprises of Politecnico di Torino (I3P). The company has achieved numerous accolades, including two high-tech idea awards from the City of Turin in partnership with LINKS Foundation, I3P, the Province of Turin, the Chamber of Commerce, and Invitalia. They also won the "Galileo Ferraris from the idea to the innovative enterprise" prize for the best business-plan company, alongside several recognitions for their quality applications.

Over the years, Spaziottantotto has developed expertise in various security sectors, such as computer security, privacy protection, occupational safety, hygiene and safety of food processing, environmental protection and waste management, quality systems management, and organizational and control models management.

Recently, the company participated in the Cybersecurity SME project with the Turin Chamber of Commerce, where the performed a Cyber Exposure Index (CEI) service to assess their IT infrastructure risks. The CEI report indicated a significant level of risk, highlighting the need of Spaziottantotto for deeper engagement with cybersecurity through targeted training.

Solutions

In response to Spaziottantotto's growing need for enhanced digital security, a foundational Cybersecurity training course was developed and organised by EDIH EXPAND. This course provided Spaziottantotto with a comprehensive overview of the latest cyber threats, such as phishing attacks, ransomwar, and data breaches, while also covering the best practices for mitigating these risks.

The primary objective was to equip participants, management and key personnel of Spaziottantotto, with a robust understanding of the evolving threat landscape and empower them with effective defense strategies. It specifically aims to raise awareness among management and key personnel about potential vulnerabilities that may affect their business operations. By doing so, the course ensures that leaders are not only aware of the risks but are also prepared to implement the necessary preventive measures. This training is designed to be an essential step toward fostering a culture of cybersecurity within the organization, ultimately safeguarding Spaziottantotto from a wide array of cyber threats.

Results and Benefits

Upon completing the course, participants gained a solid foundation in essential cybersecurity concepts and developed the skills necessary to identify and assess specific cyber threats. They acquired practical, hands-on knowledge on implementing cybersecurity best practices, such as securing networks, safeguarding sensitive data, and using encryption effectively. The training also equipped them with the ability to create and enforce cybersecurity policies tailored to their organisation's needs. As a result, participants became more adept at coordinating incident response efforts, minimising damage from potential cyber-attacks. This comprehensive understanding and skill set have directly contributed to strengthening the overall security posture of the company, ensuring long-term resilience against evolving cyber threats.

Perceived social/economic impact

Main impacts:

  • Enhanced awareness: The training significantly increased awareness of cybersecurity threats and effective remediation strategies among participants. This heightened understanding enables staff to recognise potential risks and implement proactive measures.

  • Elevated cybersecurity expertise: The company’s overall cybersecurity know-how has been markedly improved. Participants now possess advanced skills and knowledge, empowering them to better safeguard the organisation’s digital assets.

  • Business model innovation: The newfound expertise has sparked interest in enhancing the company’s business model by introducing innovative services related to cybersecurity management. This strategic shift aims to address emerging market demands and provide added value to clients.

  • Regional skill promotion: The company has become a champion of cybersecurity skills within the Piedmont Region, leveraging its client base to advocate for best practices and knowledge sharing. This promotion helps elevate regional standards and fosters a more secure digital environment across the area.

Measurable data

To measure the success and impact of the cybersecurity training program, we collected detailed metrics that underscore its effectiveness. A total of 26 individuals actively engaged in the training session, demonstrating a strong level of interest and commitment to enhancing their cybersecurity knowledge.

DMA score and results - Stage 0

Before the implementation of the service, Spaziottantotto obtained an overall average score of 30% in the Digital Maturity Assessment. This reflects that the company presented an average level of digital maturity. However, there was room for further growth, and Spaziottantotto could gain significant advantages from additional investments in digital technologies and skills. The company presented a moderate level of digital expertise, which could be enhanced through strategically designed training programs. Such initiatives would enable the company to fully embrace and support the implementation of new digital solutions, alleviating concerns about the changes they may bring.

Lessons learned

Do’s:

  • Tailor the course: Design the course to address the company’s specific cybersecurity needs and raise awareness among internal staff. Customising the content to reflect real-world scenarios and organisational context will make the training more relevant and impactful.

  • Adopt a pragmatic approach: Engage professionals by using practical, real-world examples and interactive elements. This approach will help make complex concepts more accessible and applicable.

  • Ensure clarity and organisation: Structure the training session to be well-organised, with clear objectives and a logical flow. This will enhance comprehension and ensure that participants can easily apply what they have learned.

  • Incorporate simulations: Consider including real-time cyber-attack simulations and hands-on exercises to provide participants with practical experience. This will not only reinforce learning but also improve their response skills in real-world situations.

Don’ts:

  • Avoid Generic Training: Steer clear of a one-size-fits-all approach. Generic training may not address the specific vulnerabilities or needs of the organisation, reducing the effectiveness of the program.

  • Neglect Practical Training: Do not underestimate the importance of hands-on training. While theoretical knowledge is crucial, practical experience is essential for developing effective response strategies and reinforcing learning.