Table of contents
- The overall picture: fewer attacks, but the threat remains high
- The digital geography of Italy
- The most affected sectors
- The main threats
- Cybercrime leads the motivations
The overall picture: fewer attacks, but the threat remains high
In the third quarter of 2025, Italy recorded 1,161 cyber security cases including attacks, incidents, and privacy breaches marking a 10% decrease compared to the previous quarter. The data comes from the Threat Intelligence Report released by the Exprivia Cyber Security Observatory, which analyzed 196 open sources including company websites, news agencies, blogs, and social media.
Despite the apparent improvement, the report warns: Italy remains one of Europe’s most exposed countries. As digitalization increases, so does the attack surface for cybercriminals.
The digital geography of Italy
For the first time, Exprivia introduces an analysis linking IPv4 addresses per inhabitant to the level of regional digitalization. Results highlight a clear North–South divide:
- Lombardy, Lazio, Tuscany, and Piedmont lead with a high density of networked addresses and advanced technological infrastructures;
- regions such as Basilicata, Molise, and Valle d’Aosta show lower figures, signaling limited connectivity and lower digital maturity.
In Southern Italy, Apulia ranks third (after Campania and Sicily) for connected addresses, exceeding 70,000 per million inhabitants an encouraging sign of growth, but also a greater exposure to cyber risks.
“Digitalization without security is not progress, it’s exposure to risk,” said Domenico Raguseo, Exprivia’s Cyber security Director. “Knowing the digital terrain is as important as knowing how to defend it.”
The most affected sectors
The Finance sector was once again the most targeted in Q3 2025, with 439 incidents, followed by Software/Hardware companies (352) and the Retail sector (135). The Public Administration recorded 72 cases, mainly involving data breaches and document management system compromises.
The ICT Providers segment including cloud services, digital platforms, and payment systems accounted for 35% of total incidents (412 cases), confirming its strategic importance and vulnerability.
The main threats
Phishing and social engineering remain the most common forms of attack, responsible for 572 cases (about half of the total).
Malware attacks follow closely with 475 cases, while known vulnerabilities (37) and DDoS attacks (32) rank much lower.
In terms of damage, data theft dominates with 897 cases (77% of the total), followed by financial losses (167) and service disruptions (41).
Cybercrime leads the motivations
With 97% of total incidents (1,105 cases), cybercrime remains the overwhelming driver behind most attacks in Italy. Hackers focus on industries with high economic and strategic impact, particularly those involved in data collection and financial operations.
“The analysis shows that hackers target the most profitable and data-rich sectors,” explains Raguseo.
“This confirms the need for investments in cyber risk management, continuous monitoring, and staff training. Compliance alone is not enough we need a true culture of cyber security.”
The decline in attack numbers is a positive sign, but it does not mean Italy is becoming safer.
As the country’s digital transformation accelerates, so do its vulnerabilities. Only by combining technology, awareness, and governance can Italy turn digitalization into resilience instead of exposure.
