The cyber risk puzzle in 2026 | Luca Bonora and Luca Benatti | Cyberoo Black Club 2026

Learn how to address cybersecurity challenges in 2026 in this exclusive talk from the Cyberoo Black Club. Luca Bonora and Luca Benatti analyze the complex puzzle of cyber risk, offering a strategic vision that goes beyond the simple adoption of technological tools and focuses on the ability to manage complexity through informed choices.

In this video, we explore the modern definition of cyber risk, understood as the interaction between threat, vulnerability, and response time. We delve into crucial topics such as digital sovereignty and the importance of data independence, analyzing how international regulations and the geographic location of cloud providers can impact corporate information protection and GDPR compliance.

Extensive attention is given to the security of the OT and IoT worlds, which are crucial for manufacturing companies. We explore how asset discovery, device inventory, and vulnerability assessment are necessary pillars for protecting SCADA and PLC systems without compromising business continuity. The discussion also touches on network segmentation and the adoption of models such as Purdue 3.0 to isolate critical processes.

Particular attention is given to the impact of artificial intelligence in 2026. We analyze the evolution of external threats, with attackers becoming increasingly fast thanks to the use of agents and LLMs on the dark web, and internal defense strategies. We explain the importance of keeping humans in the decision-making cycle, the so-called "human-in-the-loop," and of managing AI agents with controlled permissions and access to limit the risk of data exfiltration.

The video also addresses the human factor, considered the primary corporate firewall. We present the neuroscientific approach to behavioral training, essential for meeting the requirements of the NIS2 directive, which involves not only technical personnel but also the corporate board.

Finally, we analyze supply chain security, emphasizing the need to map suppliers, request software bills of materials, and constantly monitor the risk level of the entire supply chain.