IDEAS home Printed from https://ideas.repec.org/p/bdi/wpmisp/mip_075_26.html

The Cyber Risk Of Non-Financial Firms

Author

Listed:
  • Francesco Columba

    (Bank of Italy)

  • Manuel Cugliari

    (Bank of Italy)

  • Marco Orlandi

    (Bank of Italy)

  • Federica Vassalli

    (Bank of Italy)

Abstract

We build a novel indicator of cyber risk vulnerability for Italian non-financial firms applying natural language processing and a large language model to information extracted from financial statements, news, and cyber industry reports. The indicator is based on a taxonomy tailored to the Italian case, that addresses dimensions of cyber risk that so far have not been considered within a unified methodological framework. The new taxonomy captures both the occurrence of cyberattacks and the presence of the associated defensive measures, such as the regulatory compliance, technological defences, and certifications for a large and heterogeneous sample of firms. We find that since 2019 a sizable share of firms has experienced an increase in frequency and heterogeneity of cyberattacks. Firms appear highly vulnerable: the impact of a cyber incident on the vulnerability index in the aftermath of the attack outweighs the mitigating effects of the defensive actions, which require some time to become effective. Also, we observe that firms tend to increase cyber-related information in official reporting following an attack. These findings warrant the integration of cyber risk into credit risk models.

Suggested Citation

  • Francesco Columba & Manuel Cugliari & Marco Orlandi & Federica Vassalli, 2026. "The Cyber Risk Of Non-Financial Firms," Mercati, infrastrutture, sistemi di pagamento (Markets, Infrastructures, Payment Systems) 75, Bank of Italy, Directorate General for Markets and Payment System.
    • Handle: RePEc:bdi:wpmisp:mip_075_26
    as

    Download full text from publisher

    File URL: https://www.bancaditalia.it/pubblicazioni/mercati-infrastrutture-e-sistemi-di-pagamento/approfondimenti/2026-075/N.75-MISP.pdf
    Download Restriction: no
    ---><---

    More about this item

    Keywords

    ;
    ;
    ;
    ;

    JEL classification:

    • C52 - Mathematical and Quantitative Methods - - Econometric Modeling - - - Model Evaluation, Validation, and Selection
    • C55 - Mathematical and Quantitative Methods - - Econometric Modeling - - - Large Data Sets: Modeling and Analysis
    • G24 - Financial Economics - - Financial Institutions and Services - - - Investment Banking; Venture Capital; Brokerage
    • G32 - Financial Economics - - Corporate Finance and Governance - - - Financing Policy; Financial Risk and Risk Management; Capital and Ownership Structure; Value of Firms; Goodwill

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:bdi:wpmisp:mip_075_26. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: the person in charge (email available below). General contact details of provider: https://edirc.repec.org/data/bdigvit.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.