Cyber threats in Italy have reached new levels of sophistication, with a significant increase in targeted attacks against companies, institutions and citizens, according to research released by TIM, Italy’s major telecommunications carrier, in June 2025. It is the first report of its type by TIM, which describes multiple categories of cyber attacks in granular detail.
According to analysis of data collected by TIM’s Security Operation Centre (SOC), DDoS attacks have grown by 36% since 2023, reaching an average of 18 events per day. Even more worrying is the intensity of these attacks: almost 4 out of 10 exceeded 20 Gbps,making detection and mitigation increasingly complex.
Also significant is the growth of attacks against the Public Administration, which rose from 1% to 42% of the total in just one year, a sign of a geopolitical evolution of threats. Cyber attacks classified as “Severe” more than tripled from 2020 through 2024.
Ransomware also continues to represent a significant risk, with 146 attacks detected in Italy in 2024, placing it in second place in Europe for the number of attacks suffered. The phenomenon involves, in particular, the services (58%) and manufacturing (26%) sectors, fueled by the spread of the Ransomware-as-a-Service model.
Report makeup
The report is divided into four specific areas:
- Main attacks: observation of the most relevant cyber events of the year, focusing on DDoS and Ransomware attacks, based on operational data gathered by TIM.
- Sectoral analysis: analysis of the attacks by sector, with a particular focus on the corporate, productive and institutional worlds, to identify the most affected areas and the main threat scopes.
- Regulatory Developments: overview on the strategies and regulatory initiatives at European and Community level, aimed to reinforce the cyber defence of the Union and its member States, among which Italy is included.
- Emerging technologies: focus on the technological innovations transforming cybersecurity, both from the defence and attack points of view.
The report also offers an insight into emerging technologies such as artificial intelligence and quantum computing, which on the one hand enhance defensive capabilities but on the other hand become tools in the hands of attackers, with the rise of advanced phishing, deepfakes and targeted attacks.
The report was produced as a collaboration between the Cyber Security Foundation and the contribution of TIM Research Centre, which analyses the main risk trends in Italy
Further reading
Cyber Security Report: DDoS and Ransomware threat analysis, FY 2024. Report and analysis (PDF). Released June 2025. TIM
Cyber Security Report 2025. Discover the first report produced by TIM and the Cyber Security Foundation. Press release. June 12, 2025. TIM
Why it matters
While the threats detailed in this report are not “piracy,” the details of individuals and institutions that can be exposed and stolen through unauthorized access to data and can be used to target individuals and media industry stakeholders with credential fraud, malware attacks and ransomware attacks.
Denial of Service attacks can make online services that people depend upon, unreliable or unavailable. Consumers can also be targeted for deception by disinformation campaigns and deceived by social engineering campaigns.
The analysis is a concrete tool to increase the culture of digital security and support the resilience of the country.
