Abstract

The resolution and prevention of cyber problems is inextricably intertwined with issues relating to corporate organisation, e.g. the ability of companies to organize their internal functions in order to maximize and maintain their cyber risk management strategy. The need to also reserve adequate space in the decision-making and internal control processes of companies for the risks connected to computerization and IT interconnection was felt, first of all, in the banking sector which was charged with various and precise duties as required by the 40th update of Circular no. 285/2013. However, even small and unlisted companies will not be able to operate without setting up an internal organization capable of preventing, wherever possible, and promptly managing this type of risk in order to protect the very operations of the company (which a cyber attack could put at risk). The question arises, therefore, whether the risk connected to the use of digital technology still pertains to the methods of company managment and, therefore, must be subject to the rules relating to diligent administration.