Clusit - Associazione Italiana per la Sicurezza Informatica, Rapporto Clusit 2018 sulla sicurezza ICT in Italia, 2018
 J. G. March, and Z. Shapira, “Managerial perspectives on risk and risk taking,” Management science, Vol. 33, no 11, pp. 1404-1418, 1987.
 K.J Arrow, Aspects of the Theory of Risk Bearing. Helsinki: Yrjo Jahnssonis Saatio, 1965.
 J. W. Pratt, “Risk Aversion in the Small and in the Large,” Econometrica, Vol. 32, pp. 122-136, 1964.
 G. Bansal, “Distinguishing between Privacy and Security Concerns: An Empirical Examination and Scale Validation,” Journal of Computer Information Systems, Vol. 57, pp. 330-343, 2017.
 D. L. Goodhue, and D. W. Straub, “Security concerns of system users: a study of perceptions of the adequacy of security,” Information & Management, Vol. 20, no. 1, pp. 13-27, 1991.
 A. Mukhopadhyay, D. Saha, B. B. Chakrabarti, A. Mahanti, and A. Podder, “Insurance for Cyber-risk: A Utility Model Decision,” Decision Support Systems , Vol. 32, no. 1, pp. 153-169, 2005.
 H. Öğüt, S. Raghunathan, N. Menon, “Cyber security risk management: public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection,” Risk Analysis, Vol. 31, no. 3, pp. 497–512, 2010.
 CPMI-IOSCO, Guidance on cyber resilience for financial market infrastructures. Bank for International Settlements and International Organization of Securities Commissions, 2015.
 N. S. Safa, R. Von Solms, and S. Furnell, “Information security policy compliance model in organizations,” Computers & Security, Vol. 56, pp. 70-82, 2016.
 C. Biener, M. Eling, and J.H. Wirfs, “Insurability of Cyber Risk: An Empirical Analysis,” Working Paper of Finance, University of St. Gallen, no. 3, 2015.
 Deloitte, Modelli di governance dei rischi cyber e raccomandazioni di sviluppo per le aziende. Milano 2016.
 J. L. Hieb, “Cyber security risk assessment for SCADA and DCS networks,” ISA Transactions, Vol. 46, pp. 583-594, 2007.
 A. Hoffmann, and H. Ramaj, “Interdependent risk networks: the threat of cyber attack,” International Journal of Management and Decision Making, Vol. 11, no. 5/6, pp. 312-323, 2011.
 K. S. Hong, Y. P Chi, L. R. Chao, J. H. Tang, “An integrated system theory of information security management,” Information Management & Computer Security, Vol. 11, no. 5, pp. 243-248, 2003.
 P. Ifinedo, D. Olsen, “An Empirical Research on the Impacts of organisational decisions’ locus, tasks structure rules, knowledge, and IT function’s value on ERP system success,” International Journal of Production Research, Vol. 53, no. 8, pp. 2554-2568, 2015.
 R. Keyun, “Introducing cybernomics: A unifying economic framework for measuring cyber risk,” Computers & Security, no. 65, pp. 77–89, 2017.
 National Institute of Standards and Technology, Framework for Improving Critical Infrastructure Cybersecurity. 2017. www.nist.gov/cyberframework
 J. F. V. Niekerk, R. V. Solms, “Information security culture: a management perspective,” Computers & Security, Vol.17, pp. 476-486, 2010.
 PricewaterHouseCoopers, Enhancing business resilience: Transforming Cyber risk management through the role of the Cief Risk Officer (CRO). 2015. www.pwc.com/financialservices
 H. Stewart, J. Jürjens, “Information security management and the human aspect in organizations,” Information & Computer Security, Vol. 25, no. 5, pp. 494-534, 2017.
 S. Kaplan, B. J. Garrick, “On the quantitative definition of risk,” Risk Analysis, Vol. 1, no 1, pp. 11–27, 1981.
 S. Hoo, How much is enough? A risk-management approach to computer security. CA: Stanford University, 2000.
 NIST, Risk management guide for information technology systems.National Institute of Standards and Technology (NIST). 2002.
 Z. Ramadan, “The gamification of trust: the case of China’s “social credit,” Marketing Intelligence & Planning, Vol. 36, no. 1, pp. 93-107, 2018.
 M.C. Arcuri, M. Brogi, and G. Gandolfi, “Ciber risk in the financial industry, the market reactions,” Bancaria, Vol. 4, pp. 35-49, 2017.
 A. Abbott, Methods of Discovery: Heuristics for the Social Sciences. New York: W.W. Norton, 2004.
 Commissione Europea, Resilienza, deterrenza e difesa: verso una ciber sicurezza forte per l’UE. Comunicazione congiunta al parlamento europeo e al consiglio, 13 dicembre 2017.
 EBA (a), Risk Dashboard data as of Q2 2017. European Banking Authority, 2017.
 EBA (b), Guidelines on ICT Risk Assessment under the Supervisory Review. European Banking Authority, 2017.
 G7 (a), Foundamental elements of cybersecurity for the financial sector. ottobre 2016
 G7 (b), Foundamental elements for effective assessment of cybersecurity for the financial sector. ottobre 2017.
 Banca d'Italia (d), Disposizioni di Vigilanza per le banche, to the 16th update of 285/13. Banca d’Italia , 2013.
 Banca d'Italia (b), Linee guida per la definizione di una metodologia di analisi del rischio informatico e di un processo di gestione del rischio informatico. Support Project adjustment to the 15th update of 263/06 - new information technology and business continuity – September 2014.
 Banca d'Italia (c), Policy di Metodologia di analisi del rischio Informatico, Risk Analysis methodology - Support Project adjustment to the 15th update of 263/06 - new information technology and business continuity - January 2014.
 Banca d'Italia (a), Nuove disposizioni di vigilanza prudenziale per le banche. Circolare n. 263 del 27 novembre 2016, www.bancaditalia.it
 EBA (c), Guidelines on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2). European Banking Authority, 2017.
 CIS Sapienza and CINI, Italian Cyber Security Report. Un report nazionale per la cyber security. Roma 2015, www.cybersecurityreport.com