Cybersecurity

Intesa Sanpaolo pays particular attention to strategic importance of ESG principles, integrating them into all its activities, including information protection and cybersecurity.

This commitment strengthens the cyber resilience of the overall country system, promoting trust among stakeholders and contributing to economic and social stability. To reinforce those principles, the Chief Security Officer Governance Area has been established in 2024 to integrate the responsibilities of physical security, cybersecurity and business continuity.

Cybersecurity is managed through an integrated and sustainable model, divided into three main macro-areas: Direction, Control and Active Supervision.

UN SDGs SUPPORTED

Cybersecurity activities follow common guidelines across the Group, contributing to responsible governance and organizational resilience. The management model is reviewed annually or according to regulatory and technological changes, according to the principle of continuous improvement. In addition, the cybersecurity structure carries out strategic intelligence activities to proactively identify and manage relevant risk scenarios, to protect the Bank, the stakeholders and the economic-social system.

The Board of Directors annually approves the IT Security Plan, which addresses the challenges of cyberspace through targeted interventions by the Group’s functions. This plan is based on a strategy that considers the evolution of risks and the human factor, divided into four pillars: Protect customers: counter fraud and attacks, consolidating digital trust. Protect the Bank: improve the protection and recovery capacity of digital infrastructures. Ensuring regulatory compliance: ensuring compliance with laws and regulations. Enable digital trust: offer secure access to online services and form the entire value chain. 

The Group also acts in collaboration with the authorities to combat the new techniques used by fraudsters and uses every channel to raise customer awareness to actively deal with phishing attempts and remember that credentials are personal, must be well guarded and must not be communicated to third parties. Cyber Awareness communications have been extended to all customers, in order to prevent fraud and scams deriving from social engineering techniques and the spread of malware.

Intesa Sanpaolo attaches great importance to the enhancement of the skills and professional development of specialists in the digital security sector. This commitment is realised through partnerships with renowned academic institutions, including Università Bocconi, Università Cattolica, Politecnico di Milano, Politecnico di Torino, Business School Il Sole 24 Ore, Università di Padova, Alma Mater Studiorum di Bologna, Università degli Studi di Parma and Università di Cagliari. At the same time, the Group is committed to spreading the culture of cybersecurity in the financial system, participating in important national and international working groups, such as Europol, ECSO, the National Cybersecurity Agency, CERTFin and the European Banking Federation (EBF). These activities include creating community awareness content, supporting the setting of industry regulations, and sharing experiences with public and private entities to promote digital security.

In addition, Intesa Sanpaolo has strengthened its collaboration with consumer associations through the initiative “Mettere in comune competenze 2024 - MICC” and with Museum of Saving (Museo del Risparmio), participating in training events aimed at primary and secondary school students and their teachers. Among the main initiatives, projects such as “Metti in pratica la cybersecurity” and “Sicurezza informatica e cultura digitale nelle scuole: come proteggerci e sensibilizzare” aim to spread awareness about cybersecurity. The Group also promotes mentoring with the Sky is no limit programme and addresses innovative topics, such as cryptocurrencies and artificial intelligence, through “Cryptovalute e intelligenza artificiale” project. For adults, activities such as “Drizzate le antenne!” webinar are organized, while mass awareness campaigns have been launched with CERTFin, including “I Navigati”.

To complete these initiatives, the second season of the podcast was produced “L’arte della difesa digitale”, distributed through Intesa Sanpaolo On Air to promote cybersecurity awareness. Internally, the Group guarantees continuous and personalised training to all staff, regardless of hierarchical level. Activities include periodic simulations with top management, classroom or distance training courses and regular audits to assess the effectiveness of awareness-raising initiatives. For security professionals, specialized certifications are also offered to enrich their skills. Through these initiatives, Intesa Sanpaolo confirms its commitment to sustainable and inclusive development, promoting the culture of digital security and strengthening the resilience of the financial system, for the benefit of the entire community.

*Training hours defined as the duration of the teaching units used