Security

Cyber attacks are multiplying and Italy has its excellence: but it must equip itself with the skills for a widespread culture in the company

by P.Sol.

Translated by AI

In many Italian companies, the search for cybersecurity experts is becoming a treasure hunt. Driven by the wave of attacks and the sophistication of tools thanks also to AI, security-related profiles are among those most in demand. But the supply is struggling to keep up: the Digital Skills Observatory 2025 reports that cybersecurity-related positions are growing by around 70 per cent in company searches, but remain among the most difficult to fill.

This is an emblematic sign of how much cybersecurity has become a strategic economic issue for companies and the country system, as well as a technological one, and how much the 'hole' of skills risks turning into a real fragility factor for Italy.

The Clusit Report 2025 confirms that the attack surface continues to widen and that attacks are becoming more and more sophisticated and have far-reaching consequences. In the first six months of 2025 alone, 2,755 serious attacks were reported globally, the highest six-monthly number ever, with an increase of +36% compared to the previous six months: 82% of the incidents were classified as 'high' or 'critical'.

Italy more exposed (and more gifted)

Within this scenario, Italy is disproportionately affected: between January and June 2025, 280 attacks of particular severity hit Italian organisations, amounting to over 10% of the world total, against a decidedly lower economic and demographic weight. It is as if we were a 'privileged destination' for cyber criminals and hacktivist groups.

Even more telling is the picture of the targets. In Italy, the Government/Military/Law Enforcement sector alone absorbs 38% of incidents, with a growth of over 600% compared to the same period a year earlier, followed by the transport and logistics area with 17%, evidently two particularly sensitive sectors. At the same time, the pressure on the healthcare system and the manufacturing industry is growing, where attacks with 'critical' impact are doubling compared to previous years, a sign that hitting hospitals and factories has become particularly profitable.

This wave translates into a booming market. According to the Cybersecurity & Data Protection Observatory of the Politecnico di Milano, the Italian cybersecurity market is expected to reach EUR 2.5 billion in 2024, up 15 per cent from 2023.

Despite this, 'threats are growing more than investments': 73 per cent of large companies claim to have experienced at least one significant attack in 2024 and many companies recognise that they still do not have adequate control over processes, people and technologies.

What is growing is not only spending on technology, but above all on managed services, consultancy and training, a sign that organisations are looking for external partners to fill a skills gap that they cannot quickly build internally.

On the European front, Enisa's first EU Cybersecurity Index assigns the European Union an average score of 62.65 out of 100, photographing a 'two-speed' Europe: good on policy and prevention, weaker on operational capabilities.

For once, Italy stands above the European average, 'distinguishing itself for a solid cyber protection and cooperation infrastructure'. In particular, our country excels in terms of resilience of essential entities based on the management of major incidents, national threat monitoring, international cooperation and operational mechanisms against cybercrime. Itu's Global Cybersecurity Index 2024 also rewards our country, which enters the world's top group thanks to investments, advanced regulation and a more mature institutional architecture.

But this is no time for complacency: the same Enisa index highlights some structural weaknesses at European level, which also affect Italy. The use of artificial intelligence technologies for ICT security has an average score of just 3.18/100, while investments in cybersecurity by the most relevant and essential entities stop at 7.14/100. In short, Europe has built rules and structures, but has not followed up with adequate investments - especially on the AI front - to withstand the impact of increasingly automated threats.

Increasingly sophisticated techniques

Looking at how one is affected, the Clusit picture is clear: globally, malware, particularly ransomware, remains the most widespread technique, covering about a quarter of incidents, while the exploitation of vulnerabilities and DDoS attacks is growing rapidly, accounting for 84% in the first half of 2025. Incidents caused by zero-day vulnerabilities show a 'critical' impact rate of around 50 per cent, a sign of how difficult it is to defend oneself when no patches are yet available.

In Italy, there is a peculiarity: the majority of known incidents are classified as hacktivism. In the first half of 2025, attacks with a demonstrative or political matrix accounted for 54 per cent of incidents, surpassing purely criminal ones; many are DDoS conducted by pro-Russian groups against institutional sites, airports, ports, and players in the financial world. Indeed, it is no mystery that our country is on the frontline of a geopolitical war that is being fought on the edge of the conflict in Ukraine.

This does not mean that the economic dimension is negligible: cases of ransomware blocking production or public services continue to increase and Clusit points out that incidents with high or critical impact have grown by 143% in five years globally.

AI between attack and defence

In the Clusit Report 2025, an entire section is dedicated to agentic artificial intelligence, with a simple message: AI is no longer a futuristic topic, but a powerful lever, already used to both attack and defend.

On the one hand, generative models make it possible to produce hyper-credible phishing in multiple languages, to write or adapt malicious code, and to create audio and video deepfakes for fraud and social engineering that are difficult to recognise and, therefore, have a large margin of credibility and impact.

On the other, AI becomes a powerful defence weapon for correlating logs, detecting behavioural anomalies, classifying incidents and even supporting the management of regulatory requirements. But, as Enisa points out, the spread of these techniques in the corporate world is still limited: the indicator on the use of AI for corporate ICT security is among the lowest in the entire European index.

It is here that the issue of skills comes back with force: without specialists capable of designing, governing and evaluating AI-based tools, the risk is that only attackers will really take advantage of the technological leap.

Competence, investment and culture

On the institutional front, the Italian answer is called the National Cybersecurity Agency. Established in 2021, it is in charge of streamlining the fragmented national cyber architecture, coordinating the culture, the team that manages responses to cyber attacks, and implementing the National Cybersecurity Strategy 2022-2026, articulated in 82 measures to be completed by 2026.

Among the most important levers is the implementation of the Nis2 directive and the legislative decree that expands the number of essential and important actors, introduces risk management and notification obligations within 24 hours, and gives ACN the role of competent authority and single point of contact. Also of great importance in the Agency's strategy is the qualification of the cloud for the Public Administration, with stringent requirements for security, business continuity and data protection, and support for projects such as the National Strategic Pole, which offers highly reliable cloud infrastructures for critical PA data and integrates advanced defence mechanisms.

The regulatory framework is being rapidly consolidated. The real test will be the ability to transform these rules into everyday practices in companies and administrations, especially in the thousands of SMEs that form the backbone of the Italian economy and are particularly susceptible to these threats.

The data therefore tell a dual story. On the one hand, Italy is still very exposed: it suffers more incidents than the world average, has a production fabric made up of many small and medium-sized companies that are often poorly protected, and lags behind in basic digital skills. On the other hand, it is among the countries that have invested the most in governance, strategies and infrastructures, earning high positions in European and international indices.

The game is now played on three fronts: skills, structural investments and organisational culture. Without adequate professionals, technologies remain empty boxes; without continuous investment, attackers will continue to run faster; without a widespread security culture, even the best regulatory framework risks remaining on paper. The challenge now is to ensure that the skills 'hole' does not become the real vulnerability of digital Italy.

Copyright reserved ©