Cybersecurity, with artificial intelligence +49% of attacks in 2025

Despite efforts to spread security practices, and to raise defences, thanks also to European and Italian regulations that oblige the introduction of digital resilience practices, 'we are not getting better at preventing incidents, but also at limiting their effects'. This is underlined by Alessio Pennasilico, member of the CLUSIT scientific committee. But even in the presence of a continuous growth of attacks year on year for the past 13 years that "risks seeming boring" as Sofia Scozzari member of the CLUSIT Scientific Committee argues, it is necessary to become aware that "under no circumstances can we afford not to defend ourselves because AI affects attacks to such an extent that it makes and Cyber risk increasingly a business risk and not just a technological one." The reasons for this change in the level of risk can also be found in the words of Clusit President Anna Vaccarelli "Cybersecurity is a fact of the news and has become an urgency, due to the pervasive effect, which affects people's lack of confidence in the digital environment to be addressed with greater caution. Attacks are more sophisticated thanks to AI and although regulations help resilience, it is not always enough because some sectors are a prime target for profit. The AI to be used in defence supports resilience but the AI itself is a target of attack and its resilient design must also be part of the production process'.

Data from the Clusit report for Italy The new edition of the CLUSIT 2026 report presented in advance to the press shows for Italia a 42% increase in attacks compared to 2024, amounting to 507 incidents compared to 357 in 2024, with a prevalence of cyber criminals (61%) and activists (39%). There was also a small percentage of incidents in the espionage/sabotage category (0.4%, compared to 3% of the global figure). The typology of victims sees the government, military, law enforcement sector attacked in 2025, with more than 28% of incidents, an absolute increase of 290% compared to 2024, followed by manufacturing, with 12.6% of incidents. The multiple targets category (different organisations falling victim to generalised attacks) suffered 12.4% of incidents; transport and logistics at 12%, (but up 134.6% year-on-year); the trade sector almost doubled compared to 2024, and the health sector saw a reduction in the incidence of attacks in the total compared to the previous year, with 1.8% of incidents. In 2025, mainly DDoS incidents took place (38.5% of cases, they were 21% in 2024), while malware dropped to 23%, down 14 percentage points from 2024. Phishing/social engineering accounted for 12.4 per cent, up 66 per cent from last year thanks to AI. A weakly comforting fact concerns the level of impact in Italia, which is considerably lower than the global figure: high impact attacks account for just over 39%, while medium/low severity incidents stand at 52%, doubling

compared to 2024, a percentage change of 97 per cent. A figure that reflects how far we still have to go to effectively raise digital defences.

Also worldwide, a 49% year-on-year growth was observed, amounting to 5,265, the highest absolute number recorded to date, mainly motivated by cybercrime (89% of the total and up 55% compared to 2024) and activism (+10%), followed in smaller percentages by espionage/sabotage and information warfare. One in four incidents worldwide was caused by malware +18% compared to 2024, while one third of the incidents recorded in 2025 (+8 percentage points) fall under 'undisclosed' techniques (official communications lacking technical transparency, ed.), a critical finding for security analysis that does not allow for adequate defences to be developed. Vulnerabilities are exploited in 16.5 per cent of cases, (up 65 per cent on 2024), while attacks with phishing and social engineering techniques increase by 75 per cent, with a substantial contribution from AI.

2025 incidents are associated with such increased levels of severity that a new 'extreme' category has been created to classify attacks with catastrophic impact for the victim company. Evidence shows the number of 'high-impact' incidents in 2025 grew by 66 per cent year-on-year to 55 per cent of the total, while the growth in 'critical' incidents stood at 46 per cent year-on-year, which becomes 60 per cent if the number of 'Extreme' severity incidents are included.