At a time when cybersecurity is increasingly intertwined with geopolitical balances, cyber risk is growing for citizens, businesses and institutions. On the one hand, artificial intelligence accelerates threats and makes them more scalable; on the other, it offers new capabilities for analysis and defense. In this context, in 2025 ransomware attacks totalled more than 7,400 claims worldwide, up 42% on 2024, while in Italy there were 166 cases, an increase of 14%. Around 4 out of 10 incidents recorded in Italy were concentrated in the north-west of the country, with Lombardy accounting for more than 30% of the national total. This is one of the findings of the second edition of the Cyber Security Report – Analysis of Threats and the Evolution of the Scenario, produced by the Cyber Security Foundation and TIM with the contribution of the TIM Study Centre and presented today at the Chamber of Deputies. At the same time, the report also highlights a positive trend: growing awareness and cooperation among institutions, businesses and the technical community now represent a key lever for turning threat analysis into concrete prevention, response and resilience capabilities.
At the root of ransomware’s acceleration lies a process of cybercrime industrialization, fuelled by an increasingly unstable international context in which cyberattacks are ever more closely intertwined with dynamics of geopolitical pressure and strategic competition. In this scenario, artificial intelligence plays a dual role: it is used to automate the production of malicious code and refine social engineering techniques, but it is also becoming an increasingly important lever to strengthen prevention, analysis and response capabilities. The Report, also built on data processed by the TIM Study Centre, aims to provide an organic and accessible interpretation of the evolution of the cyber threat. It is not simply a snapshot of the attacks observed, but a tool for analysis and guidance for citizens, businesses and institutions that must confront a risk that has now become structural for the continuity of essential services, the competitiveness of the production system and the country’s overall security.
The press conference, promoted by the Cyber Security Foundation and TIM, opened with welcome remarks by Hon. Alessandro Colucci (President of the Parliamentary Intergroup for IT and Technological Security). Speakers included Marco Gabriele Proietti (President of the Cyber Security Foundation), Matteo Macina (Head of the Cyber Security Report project and Operational Vice President of the Cyber Security Foundation), Amy E. Iacoi (Regional Attaché, Homeland Security Investigations, U.S. Embassy and Consulates in Italy), Ivano Gabrielli (Director of the Postal Police and Cybersecurity Service), Gianluca Galasso (Director of the Cyber Operations and Crisis Management Service at ACN), Alessandra Michelini (Chief Executive Officer and Chairwoman of Telsy) and Riccardo Rasponi (Account Director, Recorded Future).
“When a hospital is unable to provide care after a cyberattack, when a municipality is paralysed by a ransomware attack, we are not talking about something abstract: we are talking about families, workers and communities struck at the heart of their fundamental rights. The figures in this Report are not statistics: they are the concrete measure of a threat that has taken on full parliamentary and national relevance. As an Intergroup, we believe that addressing it requires a clear political vision and structured collaboration between the public and private sectors: institutions alone are not enough, just as businesses or the technical community acting separately are not enough. We need a country system capable of jointly protecting citizens, strategic infrastructures and the competitiveness of our companies. That is why it is essential to invest in a culture of information security that is preventive and widespread, from public administration to SMEs, from schools to essential services. Digital security is a condition of freedom and a democratic priority: Parliament has the responsibility to translate it into clear rules, adequate resources and concrete safeguards for all,” said Hon. Alessandro Colucci (President of the Parliamentary Intergroup for IT and Technological Security).
The second edition of the Report is based on evidence gathered by the TIM Group’s defence systems during 2025 and is enriched by insights from Insikt Group, Recorded Future’s Threat Intelligence unit, as well as by the analytical contribution of the TIM Study Centre, which helps place the data in an economic, industrial and country-system perspective. The document is divided into four areas: main attacks, sector-specific insights, regulatory elements and emerging technologies.
“The growth of cyber threats confirms that digital security can no longer be seen as an exclusively specialist or merely defensive issue. Telecommunications networks, data, cloud infrastructures and communication systems are essential strategic assets for the country’s operational continuity and for the competitiveness of the economic system. For this reason, the response cannot be limited to emergency management: it is necessary to invest in digital sovereignty, skills development and secure technologies, while at the same time strengthening collaboration among institutions, industry and the research world. In this perspective, cybersecurity represents a genuine driver of growth and innovation. It helps generate trust, protect national strategic assets and make digital transformation more resilient, sustainable and competitive over the long term,” said Alessandra Michelini (Chief Executive Officer at Telsy).
Fewer events, more pressure. On the DDoS front, the Report highlights around 4,300 events, down 36% compared with 2024, also as a result of preventive measures put in place. The contraction in volumes, however, does not signal any easing of the threat: attacks are less widespread but more targeted, persistent and concentrated on strategic targets, with the aim of maximizing operational impact. Campaigns were in fact more concentrated, with a 19% increase in average exposure time. Excluding attacks against families and citizens, which account for around 7 out of 10 cases detected by TIM’s SOC, the Government sector rose to 46% of the total, followed by professional services, telecommunications and transport. Overall pressure, therefore, is not decreasing it is changing shape and increasingly focusing on entities and services of high systemic relevance.
Ransomware confirms a sharp global acceleration, with almost one in two incidents occurring in the US, whilst the EU is the second most affected region, accounting for 16% of cases. The sharpest increases recorded across various European regions have reshaped the ranking of the most affected countries: Germany has overtaken the UK, whilst Italy has dropped to fourth place. Manufacturing and professional services were the sectors hardest hit, confirming how industrial density, operational continuity and reputational pressure are significant exposure factors.
“Digital security is no longer a technical issue: it is a democratic issue. Cyberattacks are now instruments of geopolitical pressure, levers of economic destabilization and vectors of interference in democratic processes. Ignoring this dimension means leaving citizens, businesses and institutions without the tools to understand what is happening. The Report stems precisely from this responsibility: to make reading of a threat that continually changes shape and intensity accessible, turning knowledge into an initial, concrete form of collective defense. As the Cyber Security Foundation, we believe cybersecurity must become a widespread culture, capable of speaking to institutions, businesses and citizens. Because a more digitally aware country is, first and foremost, a safer country,” stressed Marco Gabriele Proietti (Founder and President of the Cyber Security Foundation).
The document also focuses on malware campaigns, which in 2025 affected entities in around 200 countries, and on the growth of known vulnerabilities, which reached almost 48,500, up 20% compared with 2024. The Report also includes a focus on zero-days, flaws not yet known to vendors and therefore without patches, which can become tools for markets, espionage or strategic cyber operations. In this context, artificial intelligence emerges as a threat multiplier, capable of accelerating phishing, fraud, abuse of cloud services and manipulation, but also as a potential defensive lever for triage activities, vulnerability analysis and support for Security Operation Centers.
“Nowadays, digital security concerns not only institutions and the national economy, but first and foremost the people. New technologies and artificial intelligence offer extraordinary opportunities, but they can also be used to fuel fraud, manipulation and increasingly sophisticated attacks. To tackle these challenges, we need to invest in prevention, training and collaboration between institutions, businesses and citizens. Cybersecurity is no longer merely a technical issue: it is a social and cultural issue that involves the whole community. Only through appropriate skills, widespread awareness and strong public-private cooperation will it be possible to build a safer, more reliable and more resilient digital ecosystem,” said Ivano Gabrielli (Director of the Postal and Cyber Security Police Service).
Alongside the operational reading of threats, the Report also addresses the European and national regulatory framework, with reference to cyber resilience, the protection of critical infrastructures, obligations for the most exposed organizations and the management of technological dependencies in supply chains. The final section looks at emerging technologies and new risk fronts: promptware, quishing, QRishing, smart devices, virtual and augmented reality, quantum-safe cryptography and satellite network security. AI, quantum computing and space emerge as three decisive frontiers: artificial intelligence accelerates phishing, fraud and manipulation but can also support defense; quantum technologies open the risk of “harvest now, decrypt later”; satellite networks are becoming increasingly strategic infrastructures to protect and govern.
“The cyber threat is now a fundamental aspect of national security and the resilience of the country’s systems. Artificial intelligence is accelerating the speed and sophistication of attacks, drastically reducing the time between the discovery of vulnerability and its exploitation. In this scenario, it is essential to update internal processes, strengthen capabilities in threat intelligence, detection, vulnerability management and crisis management, and rapidly transform data into operational decisions. It is equally important to establish risk management processes and a thorough understanding of the threat landscape in order to achieve genuine operational readiness and continuous resilience,” emphasized Gianluca Galasso (Director of Cyber Operations and Crisis Management at the National Cybersecurity Agency).
With this second edition, the Cyber Security Report confirms itself as a useful tool for reading the evolution of digital threats and linking it to the priorities of the country system. The picture that emerges is clear: cybersecurity is no longer merely a technological issue, but an essential condition for service continuity, the competitiveness of the production fabric and national security.
TIM Press Office
+39 06 36882610
Ufficio stampa Cyber Security Foundation
Giovanni Cioffi
+39 347 2188381
https://cybersecurityitalyfoundation.it
Rome, 9 June 2026
