In 2024, Italy remained one of the main targets of cybercrime in Europe and worldwide. Although the country accounts for only 1.8% of global GDP, it was hit by 10% of all known cyberattacks globally. According to the Clusit Report, cyberattacks in Italy increased by 15% over the past year, with incidents surging 38% in the manufacturing sector and 40% in the technical and scientific fields.
Small and mid-sized industrial companies are among the hardest hit, increasingly digital and interconnected, yet often lacking a dedicated internal IT governance structure.
Real damage, not just data loss
A cyberattack isn’t just a technical issue, for a manufacturing company, it can mean halted production lines, disrupted logistics, supply chain breakdowns, and the loss of confidential designs or technical documents shared with clients and partners.
Adding to an already complex scenario is a new variable: the NIS2 Directive, introduced to raise the overall security standards across the European industrial ecosystem.
NIS2 Directive Requirements
NIS2 applies not only to large enterprises but also to many SMEs operating in sectors considered essential, including manufacturing, transport, energy, healthcare and ICT. The goal is clear: strengthen digital resilience by requiring companies to meet minimum cybersecurity standards, report cyber incidents, and most importantly, assign direct responsibility to top management. In short, if your company suffers an attack and isn’t adequately prepared, leadership could be held personally accountable.
And it’s not just about what happens inside your own walls. The directive also takes into account your network of suppliers and partners — because today, security is a supply chain issue.
An external supplier can easily become part of your digital perimeter
Let’s take a concrete example. When you work with a marketing agency, you often share confidential technical materials, grant access to shared platforms, or provide sensitive content.
Nowadays, online communication goes hand in hand with cybersecurity.
If that agency doesn’t use secure tools, shares files through unprotected channels, or manages passwords without a structured system, it becomes a weak spot in your digital infrastructure.
That’s why today even an external partner, even if not an IT provider, needs to have a basic understanding of cybersecurity. This means using reliable cloud services, servers based in Europe, tools for centralized access management, and most importantly, being ready to cooperate if the client company requires specific procedures or traceability.
In other words, you don’t need to be a tech company to work securely. What you need is professionalism and organization, even when it comes to cybersecurity.
Cyber awareness
No system is bulletproof. But today, cyber risk can only be managed if everyone involved, from equipment suppliers to communication consultants, takes a responsible approach.
This means being ready to follow security protocols, share files using appropriate standards, and ensure the confidentiality of sensitive materials. On all these fronts, the quality of a partner truly makes the difference.
Your marketing agency should help you communicate the value of your know-how, without putting your sensitive data at risk.
Cyber risk can’t be eliminated, but it can, and must, be kept under control.
And to do that, firewalls and antivirus software aren’t enough. You need partners who are aware, reliable and responsive, ready to integrate seamlessly into your business processes.
