Cyber Security Awareness, building the Generali “Human Firewall”

In our advancing digital world and in a complex international framework, cyber threats continue to grow, and cyber security plays an essential role in our professional and personal life. As anyone can read from reports worldwide, the vast majority of cyber incidents can be considered a result of a lack of awareness: “95% of all incidents”, according to the 2022 Global Risks Report by the World Economic Forum. Such lack of awareness really played a significant role in several high-impact cyber incidents: we live in a world where a phishing email or a missing update can lead to devastating damage.

Cyber security is not just about adopting the strongest technologies to defend a Company, but it is also about people, who play a fundamental role in protecting data and business. For Generali, being a Responsible Employer also means increasing awareness of its people on cyber threats, and helping them understand what can be done every day to become the strongest link in security.

Once a year, Cyber Security Awareness Month is an important reminder on everyone’s role in protecting our organization, but Generali’s Security Awareness strategy is a continuous journey, all year long.

Awareness is a relevant part in our Group Security Strategic Program, and ultimately in our Lifetime Partner 24: Driving Growth strategic plan, and it is constantly monitored to guarantee our compliance with market best practices and regulatory requirements.

Different learning paths are available on our Group Platform We LEARN or other channels to provide Group employees with specific security knowledge:

• Mandatory courses for all Generali people, for a basic and complete understanding of cyber hygiene;
• Specific courses for technical departments, for a deep understanding of security risks and best practices in relation to different organization’s processes and technologies;
• Online workshops and live sessions on specific security topics;
• “Upskilling” courses, for those who want to learn more about cyber security on a voluntary basis.

Newsletters and articles are also published on a regular basis, to provide colleagues with insights on emerging security risks, new technologies and tips to address everyday needs.

Phishing simulations are run throughout the Group, both to measure the overall aggregate exposure to social engineering risks and to help colleagues recognize “red flags” in malicious communications.

Gamification is also one of our allies: cyber quizzes, games and contests are periodically launched, and people can put their cyber skills to the test in an unconventional – but fun – way.