Cyber Risk Strategy and Governance

Academic year: 2024/2025

Programme duration: 2 years


A Bachelor's degree in one of the following fields: Engineering, Computer Science, Business, Economics, Political Sciences.

Applicants should ideally have multidisciplinary backgrounds. It is useful to have studied a broad range of subjects and, of course, to have an interest in the prevention of and response to cyber risks.

Mission and goals

Two of Italy’s most prestigious universities, Bocconi and Politecnico di Milano, have joined forces to prepare a new category of professionals in the field of cyber risk. The two-year program, entirely taught in English, is based on a complementary blend of their strengths: Politecnico provides top-flight technological training, while Bocconi shares its expertise on the strategic and economic fronts.

It brings together several key knowledge areas to govern cyber risk. Firstly, it offers technical competencies in the fields of computer science and technology, crucial to a deep understanding of the cyber world. Then it reviews managerial, legal and economic principles to place cyber risk into context. Students also practice the soft skills required to communicate cyber challenges.


1st year

1st semester (@PoliMi)

  • Seminar: Introduction to cyber risk (@Bocconi)
  • Four compulsory courses (@Polimi): Software methodologies and architectures for security – module 1 (Enterprise ICT architecture) and module 2 (Software engineering methodologies for security); Cybersecurity technologies, procedures and policies; Artificial intelligence for security; Technology governance

The aim of this semester is to strengthen competencies in computer science, laying the foundation for solid professional development in cyber risk.

2nd semester (@Bocconi)

  • Seminar: Social engineering (@Polimi) 
  • Four compulsory courses (@Bocconi): Strategy and governance for cyber risk; Cyber risk and data protection law; Methods and data analytics for risk assessment; Institutional scenarios of cyber risk

The aim of this semester is to enhance the toolkit needed to frame cyber security issues, set appropriate strategies and govern their complexity in organizational environments.

2nd year

  • Two seminars: Ethical aspects of security and privacy (@PoliMi); Soft skills (@Bocconi)
  • Four electives to be chosen among a selected group of courses held by both Bocconi (in 1st semester) and Politecnico (in 2nd semester) in the following topics: Data protection, Business and cyber intelligence, Blockchain and cryptoassets, Machine learning in cyber risks, Computer forensics, Fintech models
  • Internship, Foreign Language, Thesis

Career opportunities

This MSc program is built to prepare students to enter the job market in firms, financial institutions, other institutions in public/private sectors as well as consulting companies, with two main profiles:

As Cyber Risk Managers, graduates will support tasks related to cyber risk management at the organizational level in order to govern enterprise risk by designing and implementing ad hoc strategies. In particular, they will be prepared to:

  • Identify cyber risks in complex organizations; 
  • Provide advisory services to increase awareness within organizations among both IT and non-IT professionals;
  • Support the design and maintenance of the organization’s processes and information systems;
  • Contribute to setting the cyber policies of an organization to reduce the risk of vulnerability; 
  • Perform forensic analysis of information systems and data to identify cyber crimes or frauds and their origin; 
  • Lead data incident responses and data breach notification procedures at enterprise level.

As Data Protection and Security Managers, graduates will support tasks related to data protection, privacy management and compliance in order to govern risks on data. They deal with any data protection matters, issues and incidents and play a key role in fostering a data protection culture within the organization, designing and implementing essential elements of data protection regulations. This job profile is explicitly required by data protection regulations in Europe as well as around the world. In particular, graduates will:

  • Design, advise on, manage and maintain procedures’ compliance with data protection laws and policies
  • Conduct data protection and security assessments and develop and execute relevant project plans
  • Manage an awareness-raising program to promote a data privacy and security culture
  • Lead data incident responses and data breach notification procedures relative to data and privacy issues
  • Be the contact point for and cooperate with the relevant Data Protection Authorities when subjects exercise their individual data rights as well as supervise and advise on the response to such requests.
