The first Cyber Security Report, published by TIM and the Cyber Security Foundation (the first non-profit foundation in Italy focused on cybersecurity), reveals an increase in sophisticated cyberattacks and ransomware targeting manufacturing and services. In 2024, cyber threats in Italy increased in number, sophistication, and, above all, targeting. The report examines the evolution of digital attacks in Italy, focusing on two rapidly growing phenomena: DDoS and ransomware attacks.
The number of DDoS attacks, which aim to block access to sites and online services by overwhelming them with simultaneous requests, increased by 36% compared to the previous year. On average, there were 18 events per day. However, it's not just the number that's striking; nearly four out of ten attacks exceeded 20 Gbps in intensity, which makes them more difficult to detect and defend against. Execution methods have also evolved, with attacks now hitting multiple points within the same organization — such as sites, networks, and devices — rendering many traditional countermeasures inadequate. It is important to note that these attacks have increasingly affected public administration. Its exposure increased from 1% to 42% of the total in a single year. This is a sign of a change in strategy by malicious actors and an indication of an increasingly unstable geopolitical context.
Ransomware, a technique that involves blocking or encrypting sensitive data and then demanding a ransom, continues to pose a real threat. With 146 officially detected cases in 2024, Italy is the second most affected country in the European Union. The sectors most vital to the economy were primarily targeted: 58% of the attacks affected services, and 26% involved manufacturing. One cause of the phenomenon's expansion is the spread of Ransomware-as-a-Service. Criminal groups develop malicious software and make it available to others, thereby expanding the pool of potential attackers to include those with fewer technical skills.
The report also devotes ample space to new technologies that are changing the face of cybersecurity. Artificial intelligence is already a double-edged sword today. On the one hand, it enables faster and more proactive defense by detecting anomalies and automating incident responses. On the other, attackers use it to make phishing campaigns more credible, create manipulated content (such as deepfakes), and design more targeted, difficult-to-intercept attacks. In parallel, the European regulatory environment is also shifting. In 2024, new directives and regulations came into force, including the Network and Information Security Directive (NIS2), the Cyber Resilience Act, and the Digital Operational Resilience Act (DORA). These new regulations impose higher security standards for digital infrastructures and empower small and medium-sized enterprises that are often less equipped.
This morning, the report was presented to the Chamber of Deputies in the presence of various institutions, as well as numerous cyber and digital security experts and operators.
Gianluca Galasso, director of the Operations Service of the National Cybersecurity Agency: "Our country is among the most affected in Europe. Attacks are becoming increasingly aggressive, and ransomware poses the greatest threat to the productive sector. In this scenario, cooperation with structured operators is essential. Initiatives such as the HyperSoc platform, developed according to defined requirements with the support of various private entities, aim precisely at sharing technical data and high-value risk indicators quickly and effectively.”
Ivano Gabrielli, director of the Postal and Communications Police: "We need a systemic approach. Cyber threats are no longer just about specialists. Citizens, companies, and institutions each have their own role to play in ensuring the security of spaces where fundamental rights are exercised. Alongside technology, we need culture, training, and shared responsibility."
Marco Gabriele Proietti, founder and president of the Cyber Security Foundation: "This report is much more than a technical snapshot. It is an invitation to change the pace. The numbers reveal a complex reality that underscores the necessity of promoting a culture of digital security that transcends the emergency and becomes part of our daily lives. The Cyber Security Foundation was set up for this reason: to educate, raise awareness, and establish synergies and tangible connections between the public and private sectors, pooling experiences, skills, and responsibilities. Data is not just an analytical tool; it is a collective asset that must be shared and safeguarded with transparency and foresight for the benefit of the entire country.
Eugenio Santagata, Chief Public Affairs, Security and International Business Officer at TIM: "As an infrastructure operator, TIM intercepts early signs of cyberattacks every day, which allows us to contribute valuable data and analysis. The report stems from a clear need to provide the country system with a solid information base to strengthen common defences."
The Hon. Alessandro Colucci (Presidential Secretary of the Chamber of Deputies and President of the Parliamentary Intergroup for Computer and Technological Security), Matteo Macina (Operational Vice President of the Cyber Security Foundation), and Angelo Tofalo (Director of the Foundation's Technical Scientific Committee) also spoke at the event.
"This report,” Colucci explains, “represents an important and valuable tool for the activities of the parliamentary intergroup that I lead: data, analyses and insights that represent the basis on which we can build an effective regulatory initiative. But it is also and above all a contribution and support for training and awareness-raising on cyber security and cyber threats, which affect all segments of the population transversally. It is only through an aware citizenry that we can successfully meet the challenges raised by technology. Our task, as representatives of institutions, is to ensure that families, businesses and citizens have adequate tools to defend themselves against the everyday and increasingly insidious dangers of the digital domain. As the document shows, we are faced with an escalation of cyber dangers in all forms. This requires prompt and systemic responses. Digital security is now a national priority.”
The analysis, based on data collected by TIM's Security Operation Center and supplemented by contributions from the Cyber Security Foundation, is available to download. It is intended to raise awareness and promote knowledge of cybersecurity as a strategic issue affecting the economy, institutions, and the public, not just a technical one.
Rome, 12 June 2025
