Held 21st-23rd May 2025 in Piacenza, Italy, the second edition of CYBSEC-EXPO offered a clear view of the pressing cybersecurity challenges faced today, as well as a glimpse into the future of digital defence.
With global cyberattacks up 44% in the last year, CYBSEC-EXPO returned in 2025 carrying a strong message: organisations must invest in awareness, training, and cross-sector resilience. Co-located with Hydrogen Expo and the inaugural Nuclear Power Expo, the event addressed everything from deepfakes and OT (operational technology) vulnerabilities to national preparedness and digital trust.
Here are seven key takeaways from this year’s show.
1. AI is becoming the enemy – and the ally
Artificial intelligence (AI) is accelerating both cyberattacks and defences. According to 41% of surveyed exhibitors, AI-powered threats such as hyper-realistic phishing and deepfake content represent the most significant emerging danger over the next 12–18 months. Best practice sharing network Cyber Security Angels warned that within a year, deepfakes will be virtually indistinguishable from real communications.
It’s not all doom and gloom, however. Companies such as CyLock are meeting fire with fire, deploying AI-trained models – including ones built using real hacker data – to enhance vulnerability assessments and threat detection. This means that AI literacy is now an absolute must.
2. People are the weakest link
While threats are becoming more sophisticated, attackers are still cashing in on human error. Cyber Sphere explained that among the millions of phishing attacks launched, hackers count on 10% getting through – simply because someone will fall for them.
82% of the CYBSEC-EXPO exhibitors surveyed believe European organisations aren’t giving cybersecurity the priority it deserves. Moreover, when asked what would make the biggest difference in the future, the top answer wasn’t zero-trust frameworks or AI — it was better awareness and human factors training. Sometimes, the simplest solutions are the most effective.
3. Supply chains are an overlooked entry point
Several exhibitors named supply chain vulnerabilities as the top cyber threat for the year ahead – and with good reason. Gartner predicts that by the end of 2025, 45% of companies will suffer cyber damage via third-party suppliers.
NOVASYSTEM, for example, was keen to highlight updates to its Sling platform, which now includes tools for assessing suppliers’ cybersecurity compliance. Meanwhile, multiple conference sessions focused specifically on strategies to bolster supply chain cyber resilience. They discussed how, in a landscape shaped by the NIS2 directive, third-party security must become a standard procurement concern, not a box-ticking exercise.
4. Don’t just rely on one cybersecurity partner
Naquadria warned that relying on a single IT provider to cover all cyber needs is a risky move, as mistakes happen and vulnerabilities often arise from incorrect configuration of security systems. The best approach? Split responsibilities and bring in multiple specialist providers to cross-check each other’s work. This isn’t about doubling your budget – it’s about independent verification and benefiting from external expertise that evolves with the threat landscape.
5. OT is the next big battleground – especially in energy
As organisations strengthen their IT defences, cybercriminals are increasingly shifting focus to OT. With 27% of surveyed exhibitors citing OT/IoT as the next biggest threat, industries need to up their game. Energy is particularly at risk. 46% of exhibitors said that hydrogen and nuclear sectors are more vulnerable than others due to their additional OT challenges. Conference sessions led by the Italian Police and G.I.S.I (Italian Instrumentation Association) sought to address the risks and help participations take control of the situation.
6. Critical sectors still take full awareness
At the co-located Hydrogen Expo, the gap in awareness was striking. While Nuclear Power Expo exhibitors largely acknowledged the cyber risk, a significant proportion of hydrogen sector representatives didn’t see cybercrime as a major threat – or weren’t sure. As hydrogen infrastructure scales, any gaps in awareness, training, or OT protection could open the door to serious disruption not only to energy provision but also to employee and public safety. Cybersecurity can’t be an afterthought – it has to be embedded into hydrogen infrastructure from the start.
7. CYBSEC-EXPO is becoming a must-attend for cross-sector resilience
CYBSEC-EXPO is more than just a cybersecurity event – it’s a hub for cross-sector collaboration. Whether you’re in energy, logistics, healthcare, or manufacturing, cybersecurity is now central to operational resilience. Covering everything from ransomware to supply chain compliance and OT defence, CYBSEC-EXPO is carving out a vital space on the European calendar for professionals who want to stay ahead of evolving threats.
The third edition of CYBSEC-EXPO will return alongside Hydrogen Expo and Nuclear Power 9-11th June 2026.
For more information, please visit cybsec-expo.it.
