Cybersecurity, Information Security & AI Governance

Cybersecurity as a pillar of trust and resilience

Cybersecurity, information security and responsible AI governance are key components of Prysmian’s global governance, risk management and operational resilience model. 

As a global leader in energy and digital connections, Prysmian operates across industrial, digital and supply chain ecosystems that are increasingly interconnected. Protecting information, systems, plants, data and digital services is essential to ensure business continuity, support innovation, safeguard customer trust and create long-term value.

Prysmian’s cybersecurity model is designed to protect the confidentiality, integrity and availability of information and information systems across IT, cloud, industrial and operational technology environments. The Group combines governance, risk management, threat intelligence, security monitoring, incident response, training, third-party security requirements and continuous improvement.

The Group’s Information Security Strategy is supported by a framework of policies, procedures and operating instructions, periodically reviewed to reflect changes in technology, regulation, threat scenarios and the Group’s risk profile. The information security risk management process is based on ISO/IEC 27005 and integrated into the Group Enterprise Risk Management system.

Governance and oversight

Prysmian has established an Information Security & Artificial Intelligence Committee to oversee strategic cybersecurity, information security and artificial intelligence initiatives.

The Committee has the main responsibility of defining and monitoring cybersecurity strategic and operational goals, ensuring the effectiveness and efficiency of the Cybersecurity Framework and Program. It also discusses, plans and monitors relevant information security topics and activities across the Group, addresses issues and incidents, and supports the safe, ethical and compliant implementation and use of Artificial Intelligence.

The Committee is composed of:


Name Position
Giovanni Cauteruccio Group Chief Information & Digital Officer, acting as leader
Giorgio Alchieri Information and Cyber Security Director
Alberto Boffelli Chief Operating Officer
Alessandro Nespoli Chief Risk & Compliance Officer
Chiara Francesca Comparini Risk Governance, ERM and Transmission Risk Management Director
Paola Pulidori Chief Internal Audit Officer
John Andrews Chief HR & Organization Officer
Stefano Bigotto Organization and Workforce Planning VP
Maria Vittoria Giancola Digital Strategy & Innovation Labs and IT Business Partners Director
Gianmarco Camillo Group Intellectual Property VP

Certifications, regulatory alignment and external assurance

Prysmian’s information security governance model is aligned with leading international standards, recognized cybersecurity frameworks and applicable regulatory requirements across the jurisdictions in which the Group operates.

Prysmian maintains ISO/IEC 27001:2022 certification for its certified Information Security Management System scope. The certification is subject to independent external audits performed by an accredited certification body and supports a structured approach based on risk management, policies, controls, monitoring and continuous improvement.

Across the Group, Prysmian companies hold and maintain additional cybersecurity certifications and attestations, in line with applicable regulatory, market and customer requirements. These certifications and attestations are supported by corporate policies, risk management activities, security awareness, monitoring, incident response processes, third-party security requirements and continuous improvement initiatives.

Data Breaches

In FY2025, Prysmian did not record any material data breaches.

Public Documentation


Document Category
Information Security Policy Governance / Information Security Management save_alt
Security Incident Management Policy Incident Response save_alt
Third Parties Security Policy Third-Party Security save_alt
Data Classification Policy Data Protection save_alt
Data Disposal and Data Retention Policy Data Lifecycle Management save_alt
Backup and Restore Policy Business Continuity / Recovery save_alt
Hardening Policy Vulnerability Management / Secure Configuration save_alt
Logging Policy Monitoring / Detection save_alt
Cloud Security Policy Cloud Security save_alt
IoT/OT Security Policy Industrial Cybersecurity / OT Security save_alt
ISO/IEC 27001:2022 Certificate Certification / External Assurance save_alt