According to the Clusit 2025 Report, in the last five years, Italy has seen a significant increase in cyberattacks. After the pandemic, cyber events have grown in both number (the monthly average rose from 156 in 2020 to 295 in 2024) and intensity1.
The worsening of geopolitical tensions, linked to the ongoing Russia-Ukraine conflict and changes in Middle Eastern dynamics due to the Hamas attacks and Israel’s strong reaction, has contributed to a significant rise in cyber incidents in Italy. Between May and November 2024 alone, 1,193 cyber events were recorded, with particularly significant impacts on the public administration and university research sectors2.
In an already complex context, new issues have emerged with the spread of generative artificial intelligence, which has become an effective tool in the hands of attackers to refine and intensify their illicit activities. The use of these new technologies has led to a proliferation of digital conflict, particularly through Distributed Denial of Service (DDoS) attacks.
These types of cyberattacks have been carried out by hackers, criminal groups, and a growing number of activists targeting public institutions and private organizations, contributing to a general climate of uncertainty. Driven by political or social motives, hacktivists such as the famous Anonymous violate systems and leak sensitive data to denounce political or economic decisions deemed unjust or inequitable.
In some cases, however, there has been a well-founded suspicion that foreign powers are behind such “hacktivism” initiatives, aiming to create psychological warfare, disinformation, and systematic sabotage of the most vulnerable systems. Unfortunately, in this scenario marked by worrying instability, Italy remains among the countries most affected by cyberattacks3.
The latest and most advanced monitoring techniques from the National Cybersecurity Agency (ACN) have succeeded in identifying the most frequent targets of these threats, pinpointing not only assets already at risk but also those potentially vulnerable. This has allowed previously unnoticed attacks, manipulations, and infiltrations in systems to come to light.
But what exactly is cybercrime? This term generally refers to criminal activities that exploit the technical vulnerabilities of computer systems or the careless behavior of users, exposing them to risks of fraud, unauthorized access, or theft of sensitive data.
Attacks are often carried out through social engineering techniques aimed at manipulating victims’ behavior to disclose confidential information: for example, a hacker may impersonate an authoritative figure to gain access credentials, targeting particularly vulnerable individuals such as junior employees or administrative figures. Among the most common illicit activities is phishing, which involves sending misleading communications, often via email, to steal financial data or access codes.
Alongside ordinary cybercrime, there is also cyberterrorism, which exploits the internet to spread violent ideologies, destabilize institutions, and generate fear, taking advantage of society’s increasing dependence on online services. A notable case is the 2010 attack by the Iranian Cyber Army, which compromised the Chinese search engine Baidu.
Cyber warfare, while similar in tactics, has different objectives, aiming to attack the enemy’s critical infrastructure. The cyberspace has become a new battlefield for geopolitical confrontations, as evidenced by the significant case of Stuxnet, a worm malware designed (and deployed) to sabotage Iran’s nuclear facility.
Malware, specifically, represents the most sophisticated cyber weapon: malicious software designed to damage devices and computer networks. Among the most dangerous are trojans, which appear as legitimate applications but allow the attacker to take control of the infected device, and ransomware, which locks access to data and demands a ransom for its release.
Large companies and public administrations are prime targets, as the consequences of losing sensitive data are often more severe than paying the demanded ransom.
In the corporate world, protecting digital assets has become essential. An effective information risk management system involves identifying and assessing risks, measuring potential impact, and defining appropriate countermeasures. It is crucial to identify the most vulnerable business areas, strengthen existing protection systems, and, when appropriate, take out specific insurance coverage against cyber risks. However, adopting advanced technologies alone is not enough. Effective defense cannot disregard the training and awareness of staff: experience shows that the human factor represents the weakest link in the security chain. A workforce not adequately prepared for today’s challenges can compromise even the most sophisticated technical systems.
In conclusion, cyberspace has reshaped contemporary reality, offering extraordinary opportunities but also creating new classes of risk. Cybersecurity can no longer be seen as a technical option, but as a strategic priority: every public and private organization must develop strategies to identify potential attacks in a timely manner, react quickly, and mitigate damages, restoring the full operation of systems rapidly. Only in this way can we maximize the benefits of digital transformation while minimizing the associated risks and contributing to the overall security of the country.
- Clusit Report on Cybersecurity in Italy and Worldwide ↩︎
- ACN, Operational Summary, November 2024 ↩︎
- Clusit Report on Cybersecurity in Italy and Worldwide ↩︎
