Italia is the sixth country in the world for ransomware, attacks have doubled in a year

More than 520,000 security events, of which 30.3 per cent evolved into an actual incident. Of these, only 741 reached critical level. In these three numbers lies the 2025 of Yarix, the Treviso-based B2B cyber security company that is part of the Var Group and that this morning presented in Milan the 2026 edition of its Y-Report, the ninth edition of a document that annually takes stock of IT security in our country.

Italia is the sixth country in the world in terms of the percentage of ransomware attacks suffered. These are those episodes in which attackers encrypt a company's data and demand a ransom to free it: in 2025, 2.27% affected Italian companies. Our country has dropped from fifth to sixth place in the ranking of the most affected countries, but there is little to be cheerful about: "in absolute numbers, these attacks have doubled since 2024," said Diego Marson, Chief Security Officer of Var Group.

The data released concerns companies with more than 1,000 employees and a turnover of more than EUR 50 million. Manufacturing companies were hit hardest (17.9 per cent). "This is not only because it is the sector with the greatest presence in Italia, but also because it is exposed to situations where there are legacy environments due to the need to operate industrial infrastructure" that are more vulnerable, explained Marco Iavernaro, Global SOC Manager at Var Group, during the press conference presenting the report.

In addition to active defence in the face of attacks, Yarix also dealt with threat intelligence, i.e. the collection of information as a preventive measure. And more than 4,000 events were intercepted between data exfiltration attempts and phishing attacks.

A picture, the one described by the Yarix report, in which artificial intelligence is playing an increasing role. "We have moved from a cyber security managed by humans to one managed by AI and supervised by people. This applies to those who defend, but also to those who attack and has obviously amplified the complexity," explained Var Group Head of Cybersecurity Mirko Gatto. "By the end of July," he added, "we will launch a security operation centre test, in shadow mode, leaving the management of the L1 level to artificial intelligence." That is, the first of three levels of threat management, the one where we do the initial analysis and determine the criticality of threats. This is a way of 'removing the background noise' and letting human analysts focus on what can really become a risk to companies' cybersecurity.