Italy's public institutions have become the primary target of a global surge in ransomware attacks, with hospitals, municipal offices, and government agencies representing 46% of all domestic cyber incidents in 2025—a challenge that has forced lawmakers and telecom giants to fundamentally rethink how the country protects its digital infrastructure.
Why This Matters:
• 166 ransomware attacks hit Italy in 2025 (+14% year-over-year), with the North-West region absorbing roughly 40% of all cases.
• Public sector entities bore the brunt, facing disruptions that paralyzed emergency care, municipal services, and administrative operations.
• National institutions responded by completing 60 of 82 planned cybersecurity measures and proposing a ban on ransom payments for critical infrastructure.
• Defensive investments are now mandatory under new laws covering over 21,800 entities, with €50.6M allocated through 2027.
The Scale of the Threat
The second edition of the Cyber Security Report, compiled by the Cyber Security Foundation and TIM with contributions from TIM's research division, paints a sobering picture of Italy's digital vulnerability. The document, presented at the Camera dei Deputati this week, reveals that global ransomware claims exceeded 7,400 incidents in 2025—a 42% spike compared to the previous year.
Italy's challenge reflects a broader pattern: globally, attackers are increasingly using double and triple extortion tactics—encrypting files, threatening data publication, and launching secondary attacks on victims' business partners or suppliers. This multifaceted approach maximizes pressure on targets, particularly public institutions that face reputational and operational consequences.
Hospitals and Town Halls Under Siege
Healthcare facilities and municipal governments have emerged as the most exposed sectors. Between January and September 2025, CSIRT Italia (Italy's national Computer Security Incident Response Team) logged 60 cyber events in the healthcare sector alone, marking a 40% surge compared to the same period in 2024. Globally, data breaches in healthcare carry the highest average cost at $7.42M per incident, explaining why ransomware operators view hospitals as lucrative targets.
The public administration sector—encompassing state agencies, regional administrations, and municipalities—experienced a 600% increase in cyber incidents according to the Clusit 2025 mid-year report. The Agenzia per la Cybersicurezza Nazionale (ACN), Italy's national cybersecurity agency, recorded 1,140 events affecting national public institutions, with 196 classified as full incidents, compared to 756 the year prior.
When ransomware gangs paralyze a hospital or lock a city council out of its records, the consequences ripple through communities in immediate, tangible ways: canceled surgeries, inaccessible vital documents like birth certificates, frozen payroll systems. Alessandro Colucci, president of the Parliamentary Intergroup for IT and Technology Security, framed the human stakes clearly: "When a hospital cannot guarantee care after a cyber assault, when a municipality is paralyzed, we are not discussing something abstract—we are talking about families, workers, and communities struck at the heart of their fundamental rights."
Manufacturing and Small Business Vulnerability
While public entities topped the victim list, manufacturing and construction firms—particularly small and mid-sized enterprises—suffered disproportionately. These sectors, representing 16.7% of total attacks, often operate with minimal cybersecurity budgets and exposed remote access services. Attackers exploited stolen credentials, unpatched vulnerabilities, and inadequately secured remote desktop protocols to infiltrate networks, leading to prolonged operational outages that threaten business continuity.
Other significantly affected sectors included professional services, telecommunications, transport and logistics, education and research, and ICT providers—a cross-section that illustrates how cybercrime has become an economy-wide risk.
What This Means for Residents and Businesses
The Cyber Security Report emphasizes that Italy's defensive posture is no longer purely technical—it has evolved into "an essential condition for service continuity, productive competitiveness, and national security." This shift is reflected in concrete policy responses.
Under the National Cybersecurity Strategy 2022-2026, the government completed 60 of 82 planned measures by the end of 2025, supported by €50.6M in funding for 2025-2027. The ACN continues to coordinate nationwide efforts, dispatching 46,867 communications to affected entities and publishing 738 public advisories alongside 804 confidential alerts in 2025.
Legislative momentum accelerated with the passage of Law No. 90/2024, Italy's first comprehensive cybersecurity statute, imposing uniform obligations on businesses and public administrations to protect digital assets. This was reinforced by the transposition of the EU NIS2 Directive (Legislative Decree No. 138/2024), which brought over 21,800 entities under mandatory cybersecurity requirements.
In April 2025, a bill introduced to the Senate proposed even bolder measures: a national anti-ransomware strategy including a ban on ransom payments by public and private entities, classification of ransomware as a national security threat, and creation of a permanent task force within CSIRT Italia to support victims. The proposal also included economic incentives for ACN and a national fund to assist ransomware victims.
Protecting Yourself: Practical Steps for Residents
For individuals and small business owners, the risks are real but manageable:
• Enable Multi-Factor Authentication (MFA) on all critical accounts (email, banking, municipal services portals)
• Create and maintain regular backups of important files, and store them separately from your main systems
• Recognize phishing attempts: Be cautious of unexpected emails that request passwords or urge you to click links, especially those claiming urgency
• Keep systems updated: Install security patches promptly for your operating system and software
• Check for breaches: If you use healthcare or municipal services in affected regions, monitor official announcements from those institutions
Resources for reporting concerns or checking breach status:
• CSIRT Italia (www.csirt.gov.it) provides alerts and guidance for both citizens and organizations
• ACN (Agenzia per la Cybersicurezza Nazionale) publishes advisories and cybersecurity resources
• Report suspected ransomware incidents or phishing attempts to local police cyber units
Compliance is no longer optional, and the cost of neglect (measured in downtime, regulatory fines, and reputational damage) far exceeds the investment in preventive measures.
The Geopolitical and Technological Backdrop
The Cyber Security Report attributes the ransomware surge to two converging forces: geopolitical instability and the industrialization of cybercrime. As strategic competition intensifies globally, cyber operations have become intertwined with statecraft, blurring lines between criminal enterprise and nation-state activity.
Simultaneously, artificial intelligence is reshaping the threat landscape. Criminal syndicates deploy AI-generated phishing campaigns and voice synthesis tools to craft hyper-realistic social engineering attacks. Yet AI also empowers defenders: detection algorithms analyze network traffic patterns at speeds and scales impossible for human analysts, enabling faster incident response.
Another concern is the rise of ransomware cartels—strategic alliances among criminal groups that pool resources and coordinate multi-target campaigns with operational sophistication rivaling legitimate corporations.
The report also flagged quantum computing and satellite networks as critical areas requiring future-focused security planning, as today's encryption standards may become obsolete within a decade.
The Silver Lining: Awareness and Cooperation
Despite escalating threats, the report identifies a positive trend: growing awareness and cooperation among institutions, businesses, and the technical community. This cultural shift—from viewing cybersecurity as an IT department problem to recognizing it as a strategic priority—has translated into measurable improvements in prevention and response capacity.
More than two-thirds of Italian companies have implemented dedicated backup solutions and ransomware response plans. The adoption of multi-factor authentication (MFA) and advanced encryption systems has become standard practice. Public-private partnerships, facilitated by ACN and industry associations, are enabling smaller firms to access threat intelligence previously available only to large enterprises.
Colucci emphasized this broader perspective: "We need a nationwide system capable of protecting citizens, strategic infrastructure, and corporate competitiveness together. That is why we must invest in a preventive and widespread culture of IT security—from public administration to SMEs, from schools to essential services. Digital security is both a condition of freedom and a democratic priority."
Europe's Shifting Ransomware Landscape
Italy's challenge is part of a broader European pattern. In 2025, Germany overtook the United Kingdom as the most-targeted country on the continent, while Italy dropped to fourth place regionally (though it remains sixth globally). France and Spain also rank among the continent's most-affected nations. European victims accounted for nearly 22% of global ransomware incidents, with the United States absorbing nearly half of worldwide attacks.
The number of known software vulnerabilities climbed 20% to nearly 48,500, providing attackers an expanding menu of exploitable weaknesses. Meanwhile, Distributed Denial of Service (DDoS) attacks decreased by 36% to approximately 4,300 incidents, though their impact per event increased, suggesting more targeted operations.
A National Priority, Not a Technical Problem
The Cyber Security Report concludes that Italy's cyber resilience hinges on treating digital security as a structural dimension of national security, not a technical afterthought. The convergence of legislative action, institutional coordination, private-sector investment, and public awareness offers a framework for managing evolving risks.
For residents, the message is straightforward: ransomware is no longer an abstract risk confined to corporate boardrooms. It affects hospital wait times, municipal service availability, small business survival, and the reliability of everyday digital services. The good news is that Italy's institutions are mobilizing resources and building defenses at an unprecedented scale. The challenge is ensuring those efforts reach every corner of the economy before the next wave of attacks arrives.