Cybersecurity certification: what to know | Lokki


The National Cybersecurity Agency – ACN – is moving towards product cyber security certifications through an internal update at both an organizational and procedural level. The legislative decree under discussion serves to identify national adjustments to the European cyber security certification framework.

The new Italian cyber security posture

The meeting of OCSI (IT Security Certification Body) and CVCN (National Evaluation and Certification Center) under the aegis of the ACN is an important milestone for the Italian cyber security posture. This change will help make product certification the standard for stabilizing and consolidating the cyber security discipline, exactly as has happened in the past in the market with regard to the safety, including chemical and biological safety, of products of any kind. Its mandatory nature will bring new habits that will spread through the supply chain and the supplies market, giving rise to new standards and to a new, widespread and shared professionalism that is no longer the prerogative of a select few.

The importance of cyber security product certifications

Cyber security product certifications have existed in Italy for over twenty years, since 1995, but they could only be used in the context of national security. In 2003, a second National Scheme was established to provide certification services to all sectors outside that context, but only after another twenty years were the decree and the Italian scheme for commercial products born.

The ongoing decree provides that the Agency, in case of violation of the obligations of the European cybersecurity certification framework and article 65 of the Cyber Security Regulation, will impose financial and additional sanctions. If the decree remains as proposed, these revenues will increase the allocation of the chapters of the Agency's budget intended for research and training activities on the cybersecurity certification of ICT products. Furthermore, if the Agency ascertains through its surveillance activities that an EU declaration of conformity is non-compliant, the issuing manufacturer or supplier will be obliged to review or revoke the EU declaration of conformity within thirty days, informing the Agency and ENISA.

The Cybersecurity Act of the European Union pursues the objective of putting in place a mechanism aimed at establishing European cybersecurity certification systems and at certifying that the ICT products, services and processes assessed within them comply with certain security requirements, in order to protect the availability, authenticity, integrity or confidentiality of the data stored, transmitted or processed or the functions or services offered by such products, services and processes or accessible through them throughout their life cycle. In practice, the idea behind creating an ICT product certification scheme is to check a set of basic security requirements, once, and for all customers.

In addition to following the European regulation, it is good practice for professionals, institutions, companies, traders and all those who hold sensitive data of their employees and customers to also protect themselves through specifically designed insurance. The Lokky Cyber Risk Policy offers the insured coverage of expenses and losses resulting from cyber attacks, as well as the intervention of an expert for the recovery of lost data and for decontamination from any malware. All of these services are included in the Smart version, which has a maximum limit of up to €25 thousand. Lokky also offers a Top version of the policy, which instead provides for an increase in the limit up to €250 thousand and the inclusion of numerous additional guarantees, including a daily allowance for business interruption and coverage of expenses for restoring the company image.

Unforeseen events lurk around the corner, and the presence of an advanced insurance broker, able to assist and advise the company also in managing the claim, can make the difference between the positive or negative performance of a business that has suffered a cyber attack.
