No. 75 - The Cyber Risk of Non-Financial Firms

Markets, Infrastructures, Payment Systems
by Francesco Columba, Manuel Cugliari, Marco Orlandi, Federica Vassalli
January 2026

This work proposes an indicator of cyber risk vulnerability for Italian non-financial firms, applying natural language processing and a large language model to data extracted from financial statements, news reports, and cyber industry reports. The indicator is based on a taxonomy tailored to Italy, addressing dimensions of cyber risk that so far have not been considered within a unified methodological framework. The new taxonomy captures, for a large and heterogeneous sample of firms, the occurrence of cyberattacks, the degree of firms' regulatory compliance and the utilization of cyber defence technologies and security certifications. The aptness of including cyber risk in credit risk models is suggested by the data on cyberattacks in Italy, which have been on the rise since 2019. The negative impact of cyber incidents on firms' vulnerability in the aftermath of an attack outweighs the mitigating effects of defensive actions, which require some time to have an impact. Also, firms tend to increase the amount of information on cyber risk in official reporting only after suffering an attack. Overall, the findings indicate that cyber risk may have material effects on business continuity and, hence, it has to be incorporated into credit risk assessments.
