Table of contents
- Accenture’s warning: rising costs and unprepared companies
- The research: AI as a risk multiplier
- The global gap: Europe still lagging behind
- “Reinvention Ready” companies: the model to follow
- Four actions to become cyber-resilient
- A strategic urgency for Italy
Accenture’s warning: rising costs and unprepared companies
According to Accenture’s “State of Cyber Security Resilience 2025”, cyberattacks in Italy could cause €1.4 billion in damages this year. Despite increased public investments rising from €621 million to €700 million thanks to the PNRR only 10% of Italian companies are ready to defend themselves against AI-powered threats.
The average incident cost has increased by 15%, with losses reaching €600,000 for SMEs and over €5 million for large companies. Globally, ransomware attacks have surged by 20%, with AI amplifying their complexity and impact. Accenture’s global survey of over 2,200 executives reveals that 90% of organizations are unprepared for AI-driven cyber risks, and 77% fail to adopt basic data and cloud protection practices.
The research: AI as a risk multiplier
The survey involved 2,286 Chief Security Officers and Chief Technology Officers from large companies worldwide.
The study shows that 90% of organizations are unprepared to deal with new cyber threats enhanced by AI.
In particular, 77% do not implement basic security practices to protect sensitive data, information flows, and cloud infrastructures.
As Marco Molinaro, Accenture’s Head of Cyber Security, explains:
“For every attack made public, there are others that remain hidden. Many companies choose silence out of fear of reputational damage. But the lack of transparency distorts risk perception and hinders the growth of a digital security culture.”
The global gap: Europe still lagging behind
Only 11% of European firms demonstrate advanced cyber security maturity, compared to 14% in North America.
The situation is worse in Latin America (77%) and the Asia-Pacific region (71%), where most companies are still in the so-called “Exposure Zone,” lacking basic strategies and expertise.
The study identifies three maturity levels:
- Exposure Zone (63%)
Vulnerable and reactive firms; - Evolving Zone (27%)
Moderate resilience but lack strategy; - Reinvention Ready Zone (10%)
Adaptive, predictive, and resilient leaders.
“Reinvention Ready” companies: the model to follow
“Reinvention Ready” companies are:
- 69% less exposed to complex attacks;
- 1.5 times more effective at blocking them;
- equipped with greater visibility (1.3x) over IT and OT systems;
- carrying 8% less technical debt;
- and enjoying 15% higher customer trust.
Four actions to become cyber-resilient
To enter the “Reinvention Ready Zone,” companies must:
- Develop a clear security governance model aligned with business objectives.
- Integrate security from the earliest stages of designing systems based on generative AI.
- Make AI systems resilient, with real-time threat detection and response capabilities.
- Use AI itself to defend, automating protection processes and enhancing predictive monitoring.
A strategic urgency for Italy
73% of Italian companies still lack the tools to adequately protect their data and digital infrastructures.
Investing in training, awareness, and good defensive practices is now a strategic necessity, not a choice.
Only by doing so can the economic and psychological impact of cybercrime be reduced, while preserving the competitiveness of the national production system.
