Fastweb Cybersecurity Matters

Me, the cyberthreat?
How to increase awareness about the role of the human factor in cybersecurity?


Today, more than ever, cybersecurity is unequivocally recognized as a pressing concern. Escalating cyberattacks compel enterprises and public administrations to adopt significant and costly technological countermeasures to shield themselves against increasingly timely and sophisticated incursions and attacks.

However, human factors are not receiving the attention they rightfully deserve in this context. The improvement of defense and attack systems, the enactment of ad hoc regulations, is not always matched by the proper consideration of people's behaviors.

In addition there is another important factor that can affect anybody: human error. Frequently, it is the users themselves who inadvertently expose vulnerabilities, rendering all the infrastructure-related precautions designed to safeguard individuals and organizations ineffective.

Once again, the root cause lies in the lack of awareness regarding potential scenarios and risks. So, how can this awareness be raised and empower people to prevent security risks?

The answer lies in education—training that genuinely engages people and establishes an active and participatory learning environment.

Alessandro Pollini 
Alice Verioli
Tania Sabatini
Giordano Manchi 

Image of code script

A snapshot of the organization's maturity in the field of cybersecurity.

As mentioned, in the cybersecurity domain, not only infrastructure and defense systems provide security. There is a component that is too often underestimated: the Human Factors.
Why are certain decisions made? What drives a person, even a well-trained one, to engage in risky behavior? In what situations do people disregard or underestimate warning signs? How to raise awareness about cyber dangers and attacks?

In the Cybersecurity Matters project, the BSD team engaged Fastweb's corporate population in an awareness campaign that leveraged Conversational Storytelling to promote awareness of the role of the human component in cybersecurity.  

In this project, the objectives were multiple; to collect and analyze data on the behaviors adopted in precise decision-making contexts, with respect to security-critical scenarios of daily professional life; to understand the reasons that lead people not to follow corporate guidelines and run into potential cybersecurity risks; to identify the factors that incentivize people to correctly follow corporate cybersecurity guidelines; and to promote and support training, stimulating greater sensitivity and awareness on cybersecurity and with respect to the value of the individual. 

Image of a landing page of the project

Mikey makes mistakes, learns, and experiences emotions. The goal is to help him mature alongside the participant throughout the experience.

The corporate population was introduced to Mikey, a conversational agent specially designed for this project. Through a Conversational Storytelling platform, Mikey engaged with individual participants, sharing personal stories about his experiences in cybersecurity.

These stories were based on the participants' organizational roles, exploring realistic scenarios aligned with their daily operations. This approach allowed individuals to relate to and identify similarities with their own experiences within the company, fostering a deep engagement with Mikey's narrative.

Image that shows how Matters' Stories are built


of the company's population involved.

Over a specific period, participants embarked on a learning journey guided by Mikey, facilitating a deeper understanding of cyber threats. It helped participants not only in gaining knowledge about potential cyber dangers but also in developing an awareness of how an individual's and a group's actions and choices can significantly impact the company's security.

Thanks to the data collected, the BSD team drafted a report with operational, organizational, technological and training indications and suggestions in order to provide the company, a guideline to undertake a path of prevention to cyber risks with actions applicable in the business context in the short, medium and long term so as to close the gaps that emerged.

Matters homepage's interface