Cybersecurity, surge of attacks in the energy sector

Maticmind's Cybersecurity Competence Centre report: cyber attacks are increasing, changing, becoming politicised. And Italy is in the crosshairs

by Andrea Biondi

21 August 2025

3' min read

Translated by AI

Versione italiana

3' min read

Translated by AI

Versione italiana

In 2024 alone, cyber incidents in the energy sector grew by 40% compared to the previous year at global level. And the forecasts for 2025 also speak for themselves: a further +21% is to be expected, with a particularly significant figure for Europe, which now receives almost 60% of global attacks.

The new report on cybersecurity in the energy sector, produced by Maticmind's CyberSecurity Business Unit, depicts a rapidly deteriorating landscape for energy companies.

After all, the digitisation of power grids or even the spread of IoT sensors have widened the attack surface. Every connected component becomes a potential gateway. And cyber crime knows this. The victims are both large operators and supply and distribution companies, which are often less well prepared. The methods of entry? Stolen credentials, unprotected remote access, out-of-date software.

In this context, it is not only quantity that is shaking the sector, but quality. For the first time, politically or ideologically motivated attacks have overtaken economically motivated ones. In the first quarter of 2025, 58 per cent of cyber incidents in the energy sector can be traced back to hacktivist groups (that hybrid form of digital activism).

The year 2025 marks a sharp turnaround in attack techniques: DDoS (Distributed Denial of Service) attacks, those that massively impact networks by blocking their operation, have exploded, particularly in Italy where a +107% increase was recorded in the first months of the year. However, ransomware (malware that can block access to a user's data or system, demanding a ransom to restore access) also gives no respite: +64% in our country, with an increase of 80% globally in the two-year period 2023-2024.

Groups such as LockBit, AlphV and Qilin have turned on energy infrastructures, attracted by the high value of information and the vulnerability of Scada (computer systems used to control and monitor industrial processes and infrastructure) and IoT systems.

In parallel, there is an apparent collapse of mentions of the energy sector on the dark web: -75% in one year. But this is only an optical illusion. According to analysts, this silence could mask a move towards closed forums and encrypted environments. Italy, in particular, remains one of the most 'mentioned' targets in digital black markets, especially for the sale of credentials and corporate access.

Europe is reacting. The NIS2 directive, which has been in force since the end of 2024, imposes new security standards and stringent reporting requirements: 72 hours to report an attack and penalties of up to 2 per cent of turnover for those who do not comply. The new European Network Code on electricity network security pushes in the same direction.

But compliance is not enough. The problem, Maticmind analysts explain, is also structural. An uncomfortable truth emerges forcefully in the report: much energy infrastructure is old. Too old. In some countries, such as the United States, the average age of electrical systems is over 40 years. Legacy systems, not designed to withstand the impact of modern threats, represent the deepest crack in the industry's defences today.

The answer? The report calls for a paradigm shift: it is no longer enough to 'defend'. 'We need to anticipate, prevent, design in security and react dynamically. The zero-trust approach, public-private collaboration and true organisational maturity in the cyber sphere are the weapons to be honed. Also crucial are 'threat intelligence' platforms capable of integrating internal sources, Osint and commercial feeds, to anticipate anomalous patterns and malicious behaviour. And we must not forget the role of 'digital twins', increasingly crucial tools for continuously testing digital architectures and identifying possible attack vectors in advance based on critical issues. In today's interconnected world, energy is no longer just a matter of production and consumption. It is geopolitics, it is economics, it is national security. And as technology advances, threats run faster. The challenge is now: resisting is not enough, you have to be ready,' comments Pierguido Iezzi, Cyber Security Director at Maticmind.

Andrea BiondiVicecaposervizio
Luogo: Milano
Lingue parlate: Italiano, Inglese, Francese
Argomenti: Finanza, Media, Telecomunicazioni, Economia dell'entertainment, Innovazione
Scheda autore
Trust project