The role of internal comms and HR in strengthening cybersecurity

As cyber threats evolve and industrial sectors become prime targets, this year’s CYBSEC-EXPO highlighted one essential truth: technology alone isn’t enough. Effective internal communication and employee training are critical in building cyber resilience – especially when human error remains the weakest link.

Returning to Piacenza, Italy, for its second edition, CYBSEC-EXPO once again brought together a focused and passionate community of cybersecurity specialists and industrial leaders for strategic conversations about the evolution of cybersecurity across manufacturing, logistics, energy, and infrastructure. The atmosphere was warm and welcoming, and the exhibitors were very happy to chat with SE10 about the current cybersecurity landscape and the fast-changing risks facing our industrial PR clients. As we moved from stand to stand, one message came through loud and clear: the real challenge – and opportunity – lies in how organisations engage their people on the topic of cybersecurity. And that’s where communication and HR teams come in.

Human firewalls are just as critical as the digital kind

Despite the rise in sophisticated attacks, many of the breaches discussed at CYBSEC-EXPO followed a familiar pattern: employees clicking on phishing links, reusing weak passwords or falling victim to social engineering tactics.

Exhibitors explained how you can invest in the most advanced cybersecurity tools on the market, but it only takes one click to compromise an entire system. That’s why most of the people we spoke with pointed to security awareness and human factors training as the most effective approach for improving cyber resilience today.

IT can implement multi-factor authentication and monitor for threats, but employees need to understand why the protocols matter. Awareness campaigns, scenario-based training and clear internal messaging aren’t optional extras – they’re mission critical.

Deepfakes are getting better. Are your people ready?

One particularly urgent issue raised at the event was the rise of deepfakes and AI-generated threats. A deepfake of your CEO requesting an urgent payment? That’s no longer science fiction.

Fake voices and videos could soon be convincing enough to fool employees into transferring money or sharing sensitive information. Best practice sharing network Cyber Security Angels told us that in a year or two even seasoned professionals may struggle to tell the difference.

This is not just a technical issue. It’s a trust and education issue. Employees need to know what to look out for – and they need clear guidance on what to do when something doesn’t feel right. Communication teams have a central role to play in building organisations’ digital literacy, preparing staff for emerging threats, and maintaining confidence in leadership messaging.

The IT/OT divide is now a cyber battleground

In sectors such as manufacturing, energy, and infrastructure, there’s an added layer of complexity: the split between IT (information technology) and OT (operational technology). While IT teams handle data, networks and software, OT covers the physical systems that keep factories, grids and transport running.

Historically, OT systems were less connected and often treated as separate from broader cybersecurity concerns. But that’s changed. As IT defences strengthen, attackers are targeting OT systems – and the consequences could be dangerous, even life-threatening.

Several speakers at the event warned of the growing risk of cyberattacks on industrial equipment, including PLCs (programmable logic controllers) and SCADA (supervisory control and data acquisition) systems. These are the core control systems that monitor and manage everything from manufacturing machinery to energy distribution – and taking them down can halt production or cause real-world harm.

Communications can bridge the gap

The trouble is that many people working in OT aren’t cybersecurity specialists – they’re engineers, machine operators or maintenance teams. That’s where good communication makes all the difference.

Effective internal communication can translate technical cyber risks into plain, actionable advice; tailor messages to different departments and risk profiles; support culture change and compliance during protocol rollouts; and reinforce training with ongoing campaigns and simulations.

Meanwhile, HR teams can help embed cybersecurity into onboarding, performance reviews, and leadership development, ensuring it becomes part of the company’s DNA.

Building a cyber-aware culture

Perhaps the most powerful insight from CYBSEC-EXPO 2025 is that cybersecurity is, at its core, a people problem. And solving it requires more than software. It requires a shift in mindset.

By involving comms and HR early – not just after an incident – organisations can build a more resilient, cyber-aware culture. One that’s not only safer but better equipped to adapt to the rapidly changing threat landscape.

And in industrial sectors where safety and continuity are everything, that’s a competitive advantage.

Stronger together

Events like CYBSEC-EXPO are a vital reminder that no team can tackle cybersecurity alone. From engineers to executives, IT specialists to HR leads – everyone must contribute.

As the risks become more sophisticated, so too must our collaboration. Whether it’s educating office-based staff about phishing emails or preparing leadership for the impact of AI-driven deepfakes, communication teams are central to success.

Thanks again to the organisers and exhibitors at CYBSEC-EXPO for sparking these important conversations. We’re looking forward to seeing how the industry – and the event – continues to evolve.

Need support with cybersecurity communications? Get in touch to see how we can help you run effective internal comms campaigns that build awareness, engagement and resilience.