If you enrolled before the 2025/2026 academic year, consult the list of Programmes and Regulations available on your School website.
The information provided about the programme refers to the academic year 2025/26 and may be subject to change in the academic year 2026/27.
MSc in Cyber Risk Strategy and Governance
The Master of Science in Cyber Risk Strategy and Governance gives students the tools required to understand, assess and govern the opportunities and threats of the existing and emerging technologies used in our society. As innovative technologies are adopted, new issues arise, so students learn to look ahead, evaluate and communicate threats before they unfold.
These prospective professionals will thus be in a position to make a major contribution to intercepting cyber risks and preventing negative impact on the performance of organizations, both private and public.
Bocconi University and Politecnico di Milano have assembled a dynamic and multi-disciplinary community of researchers, experts and professors who study, analyze and apply strategies, governance and assessment tools of cyber risk. The challenging study program they have devised addresses the key cyber-related matters faced by all types of organizations, every day.
The program is highly interdisciplinary, by necessity, considering that computer technology increasingly affects almost every facet of modern life. It combines technical elements of computer science and analytical methods with a range of topics in the social sciences: management, economics, finance law, social engineering, ethics, and behavioral skills.
For candidates coming from the Bachelor’s degree in Computer Engineering at Politecnico di Milano who meet the minimum requirements, there are generally no difficulties, as the program is designed to ensure continuity. Students from other Italian universities must also meet the minimum requirements; however, they are more likely to be assigned “obligations,” meaning specific courses that must be included in their study plan to fill gaps in subjects not covered during their undergraduate studies. These additional requirements count toward the total credits required for the Master’s degree.
Applicants should ideally have multidisciplinary backgrounds. Whether their undergraduate (B.Sc.) degree is in computer science, engineering, management or economics, it is useful to have studied a broad range of subjects and, of course, to have an interest in the prevention of and response to cyber risks. Applications will be evaluated in detail by a joint committee of professors of the program. As a consequence there are no fixed admission criteria, but the selection process is competitive. In addition to a transcript of grades, your curriculum and a motivation letter will be evaluated.
The program equips students with advanced multidisciplinary knowledge and understanding essential for analysing and addressing cyber risk in complex organisational contexts. Graduates acquire solid foundations in computer science and data analysis, including ICT architectures, network infrastructures, software methodologies, and technologies for identifying and mitigating cyber threats. They also gain expertise in multi-disciplinary cyber risk frameworks, enterprise-wide risk models, decision analysis, scenario planning, and legal issues related to privacy, anonymity and data protection, enabling them to understand and assess both technological and organisational dimensions of cyber risk.
In addition to technical and analytical skills, the program focuses on applying knowledge to real-world challenges. Students learn to design security architectures, assess and audit cybersecurity policies, apply risk management models, and interpret regulatory frameworks. The course also allows for personalised study to deepen knowledge in strategic risk assessment, governance, and data protection. Graduates will be capable of contributing to strategy, policy design, compliance, and operational decision-making in organisations, and will develop competencies in communication, judgement, and lifelong learning—preparing them to manage emerging cyber risk issues effectively throughout their careers.
In terms of career opportunities, there are four main sectors where computer engineers can find employment: software companies that develop and maintain software, industrial companies, consulting firms, and startups. This is a significant career choice, as working as a computer engineer in a consulting firm is very different from working as a computer engineer in a software development company.
For academic information, career opportunities, or details about the course content, you may contact the program directors: Prof. Greta Nasi (greta.nasi@unibocconi.it) and Prof. Stefano Zanero (stefano.zanero@polimi.it).
For administrative information or enrollment procedures, please contact the Bocconi University administrative office