The document discusses the challenges and trends in IT risk management and cybersecurity for companies in Italy, emphasizing the increasing adoption of new security technologies amid pressure from digital transformation. It highlights that organizations face various obstacles, including budget constraints and skills shortages, which affect their ability to enhance security measures. Additionally, it forecasts significant shifts in security practices and the integration of advanced technologies, such as AI and biometrics, in response to evolving cyber threats.

1. A new IT-risk culture for Digital Transformation
Milan, May 11, 2017
Redux Version

2. The market is under pressure
© IDC Visit us at IDC.com and follow us on Twitter: @IDC 2
Source: IDC, 2016 (n=98, companies with more than 50 employees in Italy; weighted extrapolation)
10 OR MORE DATA BREACHES
5-9 DATA BREACHES
3-4 DATA BREACHES
1-2 DATA BREACHES
0% 5% 10% 15% 20%
About 40% knows they have been breached

3. Who is adopting new IT Security tech is dealing
with specific challenges
© IDC Visit us at IDC.com and follow us on Twitter: @IDC 3
0% 20% 40% 60%
COMPETING WITH CLOUD RESOURCES USED/SHADOW IT
HIGH LEVEL OF DEMAND FOR NEW BUSINESS SERVICES
FRAGMENTATION OR LACK OF INTEGRATION OF SECURITY PRODUCT PORTFOLIO
JUGGLING CONFLICTING PRIORITIES
NOT ENOUGH INTEGRATION INTO THE IT INFRASTRUCTURE TEAMS
LACK OF INSIGHT INTO SECURITY SENSITIVE ACTIVITIES
SKILLS SHORTAGES
OPERATIONS RESOURCES ARE TOO BUSY ON ROUTINE OPERATIONS
BUDGET CONSTRAINTS
What is challenging the development of IT Security
Source: IDC Italy, 2016 (n=100, different within groups; cross-sector study, companies with more than 500 employees in Italy; weighted extrapolation)

4. Measuring risks is a proof of your risk aversion
© IDC Visit us at IDC.com and follow us on Twitter: @IDC 4
Source: IDC Italy, 2016 (n=100, different within groups; cross-sector study, companies with more than 500 employees in Italy; weighted extrapolation)
0%
20%
40%
60%
80%
INTERNAL
COMMUNICATIONS
PLAN
BREACH
NOTIFICATION
PLAN
BREACH
REMEDIATION
PLAN
RESPONSE
PLAN
A FORMAL RISK
ASSESSMENT
EXTERNAL
COMMUNICATIONS
AND PUBLIC
RELATIONS PLAN
CYBER RISK
INSURANCE
Risk management practice currently in use
Risk averse (n=64) Risk propense (n=35)

5. © IDC Visit us at IDC.com and follow us on Twitter: @IDC
5
TIME (MONTHS) TO MAINSTREAM
ORGANIZATIONALIMPACT
Asingle
department
orabusinessunit
Multiple
departments
orbusinessunitsCompanywide
0-12 12-24 24+
1
2
3
4
5
6
7
8
9
10
[CELLRANGE
]
[CELLRANG
E]
[CELLRANG
E]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE
]
[CELLRANGE]
[CELLRAN
GE]
[CELLRA
NGE]
[CELLRANGE]
IDC FutureScape 2017
Security Products and Services, Western Europe Implications
1
2
3
4
5
6
7
8
9
10
By 2021, 50% of all online transactions will incorporate biometric
authentication driven by a ubiquitous technology infrastructure
that enables low implementation costs and broad user
acceptance.
By 2019, more than 75% of IoT device manufacturers will
improve their security and privacy capabilities, making them
more trustworthy partners for technology buyers.
By 2019, 60% of major multinational corporations with ties to
Europe will face significant cybersecurity attacks aimed at
disruption of commodities.
Over the next 18 months, 85% of consumers in Western
European nations will defect from a business because their
personally identifiable information is impacted in a security
breach.
By 2019, 70% of Western European enterprise cybersecurity
environments will incorporate cognitive/AI technologies to assist
humans in dealing with the vastly increasing scale and complexity of
cyberthreats.
By 2018, 50% of enterprise customers will leverage analytics as
a service to help solve the challenge of combing through
security-related data and events.
By 2020, cloud security gateway functionality will begin to be
integrated as part of web service offerings to entice IT leaders to
move offerings to the cloud.
By 2020, 25% of Western European broadband homes will have
at least one IP-enabled home automation or security monitoring
sensor/device.
By 2021, 60% of Western European enterprises will invest in
incident response retainers.
By 2020, more than 25% of Western European enterprises will
secure their IT architectures through cloud, hosted, or SaaS
security services.
Note: The size of the bubble indicates complexity/cost to address.
Source: IDC, 2016

6. © IDC Visit us at IDC.com and follow us on Twitter: @IDC 6
Risk posture has an impact on the adoption
of new security technologies
Source: IDC Italy, 2016 (n=100, different within groups; cross-sector study, companies with more than 500 employees in Italy; weighted extrapolation)
15%
35%
55%
75%
THREAT INTELLIGENCE SERVICES MICRO SEGMENTATION AI/HEURISTICS
Currently using security technologies by risk posture
Risk propense (n=35) Risk averse (n=64)

7. © IDC Visit us at IDC.com and follow us on Twitter: @IDC 7
40%
52%
64%
76%
KNOWLEDGE OF
OBLIGATIONS
IMPLEMENTATION
PLANNING
PENALTIES MITIGATION
BASED ON EARLY
DETECTION/REMEDIATION
CONTINUOUS
IMPROVEMENT
IMPLEMENTATION
EXECUTION
ASSESSMENT OF
CAPABILITIES AND GAPS
Higherpreparednessscore(4to5)
Preparedness to GDPR
Risk propense (n=35) Risk averse (n=64)
GDPR implementation will also depend on
the actual perception of risks
Source: IDC Italy, 2016 (n=100, different within groups; cross-sector study, companies with more than 500 employees in Italy; weighted extrapolation)

8. © IDC Visit us at IDC.com and follow us on Twitter: @IDC 8
IDC Italia
Viale Monza 14
20127 Milano
Tel: +39 02 28457339
gvercellino@idc.com
Giancarlo Vercellino
Research & Consulting
Manager
IDC Italy
www.idc.com