<\/p>\n\n\n\n
The evolution of the compliance<\/strong> corporate governance and risk assessment models has reached a turning point with the recent publication (19 January) of a new document from the Bank of Italy<\/strong>. According to the sources, the cyber risk<\/strong> officially ceases to be a purely technical question and takes on the nature of structural factor of credit risk<\/strong>.<\/p>\n\n\n\n Below is a brief analysis of the legal and strategic implications for non-financial companies.<\/p>\n\n\n\n 1. Going beyond accounting data: analyzing unstructured data<\/strong><\/p>\n\n\n\n The Supervisory Authority has noted that traditional balance sheets are no longer sufficient to represent a company's actual risk exposure. The new Bank of Italy model uses risk assessment techniques. Natural Language Processing (NLP)<\/strong> and the Large Language Model Microsoft Phi-4<\/strong> to analyze millions of documents, including press articles, specialized web sources, and financial reports.<\/p>\n\n\n\n The goal is to transform descriptive language into quantitative signals<\/strong>, intercepting information on:<\/p>\n\n\n\n 2. Implications for governance and business continuity<\/strong><\/p>\n\n\n\n From a legal and regulatory perspective corporate governance<\/strong>, the integration of cyber risk into management models credit assessment<\/em> (specifically in the system ICAS \u2013 Italian Credit Assessment System<\/strong>) highlights how a cyber attack can compromise the financial stability of the institution.<\/p>\n\n\n\n Sources emphasize that a cyber event is no longer just an \u201cextraordinary cost,\u201d but a threat that can:<\/p>\n\n\n\n 3. The \u201cpersistence of risk\u201d and critical sectors<\/strong><\/p>\n\n\n\n The analysis highlights a phenomenon of particular importance for the due diligence<\/em> legal: the so-called \u201ccyber \u201dscar\u201d<\/strong>. A sustained cyber attack leaves a persistent mark on the company's risk profile, often weighing more than the corrective measures introduced. ex post<\/em>.<\/p>\n\n\n\n The sectors requiring the most stringent monitoring are manufacturing (due to the high interconnectivity of Industry 4.0), professional services, and commerce. The dominant threats identified include: ransomware<\/em>, data breach<\/em> And phishing<\/em>.<\/p>\n\n\n\n 4. Conclusions: Cybersecurity as a financial lever<\/strong><\/p>\n\n\n\n For companies, complying with cybersecurity requirements is becoming a prerequisite for protecting their ratings and accessing capital markets. Investing in transparency, governance, and data protection is no longer just a regulatory compliance requirement, but a financial lever capable of directly impacting the cost of money.<\/p>\n\n\n\n In conclusion, in the current digital landscape, the failure to implement adequate cybersecurity measures can be considered a genuine breach of due diligence, with direct impacts on a company's solvency and creditworthiness.<\/p>\n\n\n\n Content by the Lawyer. Gianmaria Pesce<\/a><\/p>\n\n\n\n <\/p>","protected":false},"excerpt":{"rendered":"\n
\n