The value of cybersecurity in a landscape shaped by geopolitics and AI

If the word “hacker” makes you think of a youngster in a black hoodie, sitting alone in front of a computer, you are underestimating the threat of a cyberattack on your company. Today, cyber risks are a global phenomenon with a strong geopolitical dimension. Cyberattacks inflict significant financial losses on companies – nearly €10 trillion globally in 2024 alone – along with reputational harm and operational disruptions. In turn, these erode customer trust, undermine stakeholder confidence, and jeopardize the long-term stability of businesses. Recognizing this, the World Economic Forum has identified cyber risks as one of the top ten global threats for the coming decade.

Consequently, cybersecurity has shifted from being merely an IT concern to a strategic issue requiring attention at the Board and CEO levels. This places increasing pressure on corporate cybersecurity leaders – the Chief Information Security Officers (CISOs) – who are navigating an increasingly complex threat landscape, often without the resources necessary to meet these challenges. Beyond their core role in cybersecurity, CISOs are pivotal today in related areas ranging from fraud prevention to data protection to privacy, and from business continuity to the broader enterprise risk management. This expanding scope highlights their importance as strategic partners in driving organizational success. Yet at the same time CISOs face also growing pressure to prove the value of their work, in organizations that too often view cybersecurity as a cost rather than a strategic asset.

This was one of the key topics discussed last week at SDA Bocconi during a meeting of the Corporate Information Security Roundtable (CISR), an initiative of the school of management that fosters discussions between CISOs from large European and American companies. “The aim is to enable members to exchange concrete, actionable strategies which they can tailor to their specific organizational contexts, providing valuable takeaways that reflect both global insights and specific challenges,” explains CISR Director Prof. Hans Brechbühl. The Milan event hosted twenty CISOs and cybersecurity professionals from both the European and American chapters of the roundtable. “Being able to host an exchange between the CISOs from both sides of the Atlantic was useful for all, enabling them to share perspectives,” continues Brechbühl, “as today there is greater general awareness of the depth of the cyber challenge in the Americas, but Europe has a stronger approach to regulation, especially in areas like privacy."

The differing paths of regulatory evolution are also likely to shape the future role of the CISO. “In the United States, liability for incidents may increasingly fall on the CISO, as shown by a recent case involving Uber,” explains Nico Abbatemarco, lecturer of Leadership, Human Resources and Digital Technologies at SDA Bocconi. “In contrast, in Europe, regulations like the NIS2 Directive (effective in Italy since last October), are shifting responsibility onto the CEO and Board of Directors, although awareness of this fact is not yet widespread.”

The Milan event also aimed to explore the future horizons of cybersecurity, with a significant focus on artificial intelligence (AI). The most immediate concerns relate to the opacity of AI algorithms and the risk of data leakage, as well as the proliferation of AI-powered attacks anticipated to happen between 2025 and 2026. But in the longer term AI also has the potential to make cybersecurity tools and processes more efficient and effective, although results so far have fallen short of expectations.

In this constantly changing landscape, staying updated and supporting each other is essential, especially in a field like security where collaboration is key – which makes initiatives like CISR all the more important. Therefore, it was a great privilege to host at SDA those who made this exchange possible: our members from Bechtel, Chevron, Corning, Gap, Dräger, EssilorLuxottica, Intercontinental Exchange, Owens Corning, Nestlé, Schindler, SFS Group, Swarovski, Swiss Post, Templafy, Tetra Pak e Veikkaus.