XML 22 R8.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 16K. CYBERSECURITY

Risk Management and Strategy

Our cybersecurity strategy prioritizes the detection, analysis, and response to both anticipated and unexpected threats, as well as the effective management of security risks and the promotion of resilience to incidents. Our cyber risk management processes include technical security controls, monitoring systems, employee training, third-party-provided tools and services, and management oversight to assess, identify, and manage material risks arising from cyber threats. These processes are part of our general enterprise risk management system, and their integration into the Company’s operational procedures, internal controls, and information systems is continuously improving.

To address cybersecurity risks, we have developed a scenario-based strategy that identifies various potential threats and cyber incidents to which we may be exposed and defines the necessary steps to prevent and/or manage them. This approach facilitates and expedites the identification, assessment and management of cyber threats.

Furthermore, to enhance the effectiveness of our risk management strategy, we have established cybersecurity and information security awareness training programs covering company policies and procedures related to cybersecurity and data protection. These programs include guidelines for reporting suspicious activities such as phishing attempts, viruses, spam, insider threats, suspicious human behavior, or security issues. Certain employees receive specialized training based on their specific roles to improve their understanding of potential risks. Courses are delivered every two years, and all employees in the IT department received specialized training in 2023, with the next update currently planned for 2025. We continuously monitor and address cybersecurity risks through targeted phishing campaigns and defense/attack simulation software to test various categories of cyber threats.

Our security posture is based on a defense-in-depth strategy that relies on multiple layers of technology, including client- and server-side antivirus/antispam software. These technologies automatically initiate remediation actions when potential threats are detected. We use data collection tools to monitor access to corporate IT resources. These tools apply event correlation techniques and advanced protection features to promptly detect and manage threats, with notifications sent to the IT Department for immediate intervention. A simplified, but not exhaustive, example is the detection of simultaneous access from different geographic areas using the same account. Our tools can correlate events, analyze them, block the account’s operations, and send an alert to the IT Department and the Cybersecurity team.

We also have contractual agreements with third-party providers to strengthen our security measures, such as engaging a 24/7 Security Operations Center (SOC) for monitoring network events, including threat intelligence analysis, to identify intrusion attempts or attacks on our corporate networks in real-time. We also collaborate with specialized companies to conduct vulnerability assessments and penetration tests. In 2024, we conducted an annual risk assessment, reviewing our risk profile and making informed decisions regarding technology and resource investments for cyber risk management based on the results of that assessment.

We adopt a risk-based approach to mitigate cyber threats associated with third parties, IT vendors and business partners who share IT systems or infrastructure components with our Group. To ensure that IT third parties have adequate cyber risk management processes in place, we require a SOC report from high-risk vendors.

Finally, we have implemented a disaster recovery process to ensure business continuity in the event that our key IT systems are compromised or rendered unavailable due to a cyber incident. In 2024 and up to the date of this Annual Report, no cyber threat has had, or is reasonably likely to have, a material impact on our business strategy, operating results, or financial condition.

Governance

Our Board of Directors acknowledges the paramount importance of cybersecurity in protecting sensitive data and is responsible for overseeing risk management, including the review and approval of the Company’s approach to risk management and its related processes. The Board of Directors has delegated the oversight of the cybersecurity framework and risk management to the Control and Risk Committee, which reports to the Board of Directors at least once a year or, if necessary, in the event of significant cybersecurity incidents.

We have also designated a team of executives and managers responsible for governance, strategy, and risk management in the area of cybersecurity. The management of cybersecurity policies is entrusted to individuals with formal education and degrees in information technology or cybersecurity, or relevant experience in cybersecurity fields, including relevant industry experience.

In particular, the Chief Information Officer (CIO), Pierangelo Colacicco, and the Cybersecurity Manager, Michele De Palma, who is responsible for the Telecommunications & Cybersecurity function within the IT Department, play key roles in cybersecurity management. The CIO has thirty years of experience in IT at the Natuzzi Group and has held his current position since 2007, while the Cybersecurity Manager has held his role since 2022 and has over 15 years of experience as an IT Infrastructure & Networking Manager in various organizations. Both are involved in ensuring the security of the Company’s IT infrastructure on a daily basis.

Specifically:

The CIO is responsible for identifying risks and implementing controls to mitigate them, including assessing threats and potential consequences for the organization. He contributes to the drafting of security policies and defines the Company’s IT security standards. Additionally, he manages the incident response plan.
The Cybersecurity Manager is responsible for software security and is involved in activities related to prevention, detection, investigation, and incident response.

The Control and Risk Committee, the CIO, and the Cybersecurity Manager meet at least once a year to discuss governance and cyber risk management. Moreover, in the event of significant incidents, they meet to assess the impact and, if necessary, initiate the communication process with investors and stakeholders.

The Control and Risk Committee, the CIO, and the Cybersecurity Manager also meet annually to review the results of risk assessments and adjust the Company’s strategy accordingly.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] These processes are part of our general enterprise risk management system, and their integration into the Company’s operational procedures, internal controls, and information systems is continuously improving.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board of Directors acknowledges the paramount importance of cybersecurity in protecting sensitive data and is responsible for overseeing risk management, including the review and approval of the Company’s approach to risk management and its related processes.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors has delegated the oversight of the cybersecurity framework and risk management to the Control and Risk Committee, which reports to the Board of Directors at least once a year or, if necessary, in the event of significant cybersecurity incidents.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors has delegated the oversight of the cybersecurity framework and risk management to the Control and Risk Committee, which reports to the Board of Directors at least once a year or, if necessary, in the event of significant cybersecurity incidents. We have also designated a team of executives and managers responsible for governance, strategy, and risk management in the area of cybersecurity. The management of cybersecurity policies is entrusted to individuals with formal education and degrees in information technology or cybersecurity, or relevant experience in cybersecurity fields, including relevant industry experience.
Cybersecurity Risk Role of Management [Text Block]

Governance

Our Board of Directors acknowledges the paramount importance of cybersecurity in protecting sensitive data and is responsible for overseeing risk management, including the review and approval of the Company’s approach to risk management and its related processes. The Board of Directors has delegated the oversight of the cybersecurity framework and risk management to the Control and Risk Committee, which reports to the Board of Directors at least once a year or, if necessary, in the event of significant cybersecurity incidents.

We have also designated a team of executives and managers responsible for governance, strategy, and risk management in the area of cybersecurity. The management of cybersecurity policies is entrusted to individuals with formal education and degrees in information technology or cybersecurity, or relevant experience in cybersecurity fields, including relevant industry experience.

In particular, the Chief Information Officer (CIO), Pierangelo Colacicco, and the Cybersecurity Manager, Michele De Palma, who is responsible for the Telecommunications & Cybersecurity function within the IT Department, play key roles in cybersecurity management. The CIO has thirty years of experience in IT at the Natuzzi Group and has held his current position since 2007, while the Cybersecurity Manager has held his role since 2022 and has over 15 years of experience as an IT Infrastructure & Networking Manager in various organizations. Both are involved in ensuring the security of the Company’s IT infrastructure on a daily basis.

Specifically:

The CIO is responsible for identifying risks and implementing controls to mitigate them, including assessing threats and potential consequences for the organization. He contributes to the drafting of security policies and defines the Company’s IT security standards. Additionally, he manages the incident response plan.
The Cybersecurity Manager is responsible for software security and is involved in activities related to prevention, detection, investigation, and incident response.

The Control and Risk Committee, the CIO, and the Cybersecurity Manager meet at least once a year to discuss governance and cyber risk management. Moreover, in the event of significant incidents, they meet to assess the impact and, if necessary, initiate the communication process with investors and stakeholders.

The Control and Risk Committee, the CIO, and the Cybersecurity Manager also meet annually to review the results of risk assessments and adjust the Company’s strategy accordingly.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

In particular, the Chief Information Officer (CIO), Pierangelo Colacicco, and the Cybersecurity Manager, Michele De Palma, who is responsible for the Telecommunications & Cybersecurity function within the IT Department, play key roles in cybersecurity management. The CIO has thirty years of experience in IT at the Natuzzi Group and has held his current position since 2007, while the Cybersecurity Manager has held his role since 2022 and has over 15 years of experience as an IT Infrastructure & Networking Manager in various organizations. Both are involved in ensuring the security of the Company’s IT infrastructure on a daily basis.

Specifically:

The CIO is responsible for identifying risks and implementing controls to mitigate them, including assessing threats and potential consequences for the organization. He contributes to the drafting of security policies and defines the Company’s IT security standards. Additionally, he manages the incident response plan.
The Cybersecurity Manager is responsible for software security and is involved in activities related to prevention, detection, investigation, and incident response.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CIO has thirty years of experience in IT at the Natuzzi Group and has held his current position since 2007, while the Cybersecurity Manager has held his role since 2022 and has over 15 years of experience as an IT Infrastructure & Networking Manager in various organizations. Both are involved in ensuring the security of the Company’s IT infrastructure on a daily basis.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Control and Risk Committee, the CIO, and the Cybersecurity Manager meet at least once a year to discuss governance and cyber risk management. Moreover, in the event of significant incidents, they meet to assess the impact and, if necessary, initiate the communication process with investors and stakeholders.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true