The rise of cyber attacks in Italy

The rise of cyber attacks in Italy | White Blue Ocean

While the transition from physical to digital has many benefits, it has also brought about some serious consequences for the unprepared - and preparedness, for some, has been scarce. We can attribute that to the pandemic, where businesses faced a choice: modernise, digitalise or fall behind and risk closure. So, understandably, many companies began to build the infrastructure that would enable remote work schedules, and what resulted was a huge uptick in cloud services, database management, IT training for staff, and so on. What seemed to lag behind, however, was cybersecurity. Since then, many countries have shown huge improvement in the data security of their citizens, but others have struggled. Unfortunately, Italy seems to be one such example.

Italy now finds itself in an uncomfortable position of having a large and profitable economy, but without adequate defense against cyberattacks. This has put a target on their back. They have since come under siege by the world's largest and most sophisticated cybercrime groups, and a majority of Italian businesses have suffered as a consequence.

In this article, we will explore the scale of the issue that Italy faces, and address some of the steps that the country is taking to secure a better digital livelihood for its citizens.

The Italian Problem

"Looking at the situation from a quantitative point of view, in the last 5 years the situation has worsened significantly[.]"
- CLUSIT, translated March 2023

A recent report from CLUSIT, the Italian Association for Cybersecurity, states that the cybercrime issue has worsened. To put into perspective just how bad it is, in 2021 Italy received a 3.4% share of all global attacks - this increased to 7.6% in 2022, and this growth is not showing signs of slowing. The numbers are alarming. CLUSIT reports a 527% increase in cyberattacks on Italian businesses since 2018.

Further, while Italy's growth in digital security seems to be on par with countries like France, Germany, and Spain - all of which rank in the top 10 on the Digital Quality of Life (DQL) index - Italy still remains behind in overall terms when compared to most of Europe and it is struggling to get up to par. Italy's ranking in the DQL index dropped 5 places in 2023, from 19th to 24th, and they only rank 18th in Europe. A similar study conducted by Comparitech on the strength of cybersecurity shows that Italy ranks 54th out of a total of 75 countries studied.


Comparative Growth in CyberCrime - Clusit report 2023


To further illustrate Italy's situation as compared to global trends, the country has always seen disproportionate growth in cybercrime compared to the rest of the world, however, in 2022 this rose sharply. Italy experienced a 169% increase in cyberattacks in 2022 compared to 2021, whereas globally a 22% increase was observed over the same period.

Since 2021, Italian companies have found themselves in the sights of notorious ransomware groups such as Conti, Hive, and Lockbit. Ransomware can be one of the most damaging forms of attack, and studies show that only 7% of Italian companies feel like they are prepared for such an attack. 75% expect to be attacked within the next two years, and almost a third of all businesses surveyed had already been attacked in the last 12 months. CyberEdge, a cybersecurity research consultancy, reports even worse statistics: 87.8% of Italian businesses fell victim to a successful cyberattack in 2021, up from 85.7 in 2020. In 2023, Deloitte has published that 98% of Italian businesses have experienced at least one "cyber violation" in the last year, with serious or very serious damage as a result in two thirds of all cases.

Why does the situation appear so dire? First of all, as mentioned, Italian businesses lacked preparedness for the digital era that was hastened by the global pandemic. Much of the digital infrastructure that was thrown together to enable remote working to take place was flawed, which led to critical data misuse and insecurity. For example, let's consider GDPR fines: Italy ranks second in Europe, only behind Spain, for the number GDPR fines they have been given - and unlike the rest of the worst offenders, the average value of the penalty provided to Italian businesses is much higher at around €460,000. For comparison, Spain's average fine is around €80,000 the same period. This illustrates the scale and severity of some of Italy's data mismanagement.

"It is clear that, despite knowing the risks of cybercrime, many adults continue to take risks due to an incorrect approach to online security."
David EmmPrincipal Security Researcher, Kaspersky

Italy, the world's 8th largest economy, has known issues with data security. This makes it an attractive target in the eyes of cybercriminals. As a result, Italian businesses and citizens have been the targets of increasingly frequent and sophisticated cyberattacks, especially now that the race to digitalise the global economy was hastened since 2018. Reports show that Italians are aware of the issues, however, a Kaspersky survey has revealed that two thirds of Italians fail to take their own cybersecurity seriously, even after they have been attacked. Further, while two thirds of Italians know what phishing is, only one third have taken any action to protect themselves from it. Around half of Italians have never altered their privacy settings, and around half have admitted to using passwords that may be easy to guess or bruteforce.

In 2022, WhiteBlueOcean provided CRIF with data that shows that 46% of all compromised Italian data on the darkweb are email addresses, and an average of 90.5% of all observed email addresses were combined with a password. After email addresses, the most common data type collected from Italian breaches was Codici Fiscali, or Italian tax codes. This data not only comes from companies who have suffered data breaches, but also from vast phishing campaigns that leverage the Italian people's general apathy towards their own data security, causing them to practice poor cyber hygiene whilst browsing the internet.

What is the solution?

To aid Italy's digital transition, the European commission has allocated around €45B towards digitalisation in Italy's National Recovery and Resilience Plan (PNRR). While the scope of this plan is much broader than issues relating to cybersecurity, this funding might present an opportunity for Italy to catch up with its European neighbours not only in terms of connectivity and efficiency, but also safety. By taking advice from the appropriate cybersecurity authorities and leveraging other European funding instruments, particularly those that encourage the uptake of STEM subjects at higher education, it is hoped that the depth and quality of Italy's cybersecurity workforce can be improved. This will contribute to the improved digital security of the Italian economy in the long term.

Strong international collaboration is also pivotal in the face of modern cybersecurity threats. The conversation between Italy and the United States seems fruitful, and plans are being drawn up to strengthen the degree of cooperation between the two countries. This is important, as the United States is a global cybersecurity heavyweight. Italy is also exercising diplomacy with other countries, too: they recently signed a memorandum of understanding on cybersecurity issues with Tunisia. Italy also continues to collaborate with Europol, such as in the takedown of ransomware scourge RagnarLocker. Further, Italy's National Cybersecurity Agency has also joined Microsoft's Government Security Programme. As part of the deal struck between the two parties, Microsoft will contribute towards the training of prospective cybersecurity professionals and the allocate digital resources and mitigation frameworks to assist Italy with the digital threats that it is facing.

GDPR compliance, as well as the establishment of other regulations, can also provide incentive to Italian businesses to ensure good data practice and to maintain a resilient network architecture. For now, Italy still maintains some of the top spots with regards to fines received and total amounts fined for GDPR noncompliance, however, there is clear motivation for businesses to change. In a survey of a sample of Italian business executives, 87% aim to increase their security budget by a minimum of 10% over the next year.

In conclusion

Italy has long been singled out by threat groups, however, the appropriate response could bring about a new age of digital security for Italian businesses and people. Despite having a difficult few years, and bearing the full force of attacks from some of the most sophisticated cybercrime groups we have ever seen, Italy is beginning to make serious progress towards their data security milestones. By changing the minds of businesses, and helping people to take their online safety as seriously as their physical wellbeing, a real cultural shift could take place. And Italy can show its attackers that it is no longer the easy target that it once was.


The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.

Related news

RDoS: adding the Ransom element to DoS | Read White Blue Ocean Blog
RDoS: adding the Ransom element to DoS

In a continuous effort to find new techniques to extort money from targets, cybercriminals have conceived a new and more aggressive version of the popularised Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. This type of attack, named Ransom Denial of Service (RDoS), first appeared in 2016, but made a comeback in 2020 and 2021, taking advantage of the ever-increasing number of interconnected devices, and of the remote working arrangements caused by Covid-19.

Read more
The dangers of VPN credential leaks | White Blue Ocean
The dangers of VPN credential leaks

The increased reliance on VPNs made the latter an attractive target to cybercriminals. In particular, threat actors began exploiting one of the known weakest links in the chain: users’ passwords.

Read more
The growing cloud of cyberwarfare

Cyberwarfare might seem like a threat of the future, but the reality is that cyberwarfare acts, that have the power to disrupt normal life as we know it and cause destruction in the physical world, are a present danger.

Read more
How to tidy up a data-irresponsible past

The world has never been more interconnected than at the present time, through devices like smartphones, laptops, and The risks of IoT devices, that create, collect, transmit, process, analyse, copy and store unprecedented amounts of data. This has led to concerns on how much control users have over their own data, and what level of privacy they can maintain when navigating online. Read more...

Read more


Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!