Italy Faces Alarming Rise in Cyber Attacks in 2024, Says National Report

Cyber attacks in Italy reached record levels in 2024, marking a major turning point in the country’s digital security landscape. According to the annual report by the National Cybersecurity Agency (ACN), nearly 2,000 cyber events were monitored last year — a sharp rise from 1,411 in 2023. Serious incidents increased by 89%, with 573 confirmed cases, and over 2,700 victims, including government offices, private companies, and economic operators.

Small and medium-sized businesses suffered the most in the private sector, accounting for 75% of attacks, while the public administration also became a frequent target. The report highlights a growing danger: ACN managed over 53,000 risk alerts in 2024 — a 157% increase from the previous year.

The agency now warns that Italy is facing a true systemic emergency, as cyber threats become more dangerous and widespread.

Cyber Attacks Reflect Geopolitical Tensions

Cyber attacks are no longer just technical issues; they are now deeply tied to global conflicts. In 2024, Italy was frequently caught in the crossfire. One of the most active hacker groups was the pro-Russian NoName057(16), which carried out at least 500 DDoS (Distributed Denial of Service) attacks on government websites and vital infrastructure.

These attacks, aimed at causing temporary disruptions, were especially effective where security defenses were weak. They peaked during times of international tension — particularly in February, May, and December.

As ACN director Bruno Frattasi stated, cyber space has become “one of the main channels for global tensions to play out.”

Ransomware Attacks on the Rise

Even more dangerous are ransomware attacks, where hackers lock a system’s data and demand payment to restore it. ACN recorded 198 major ransomware incidents in 2024, a 20% rise from 2023. However, the agency warns that many attacks go unreported due to fears of reputational damage or ongoing negotiations with hackers.

Industries most affected included manufacturing, healthcare, public administration, and digital services. Active ransomware groups included RansomHub, Lockbit 3.0, 8Base, and Blackbasta.

To fight back, lawmakers proposed a bill banning ransom payments by national security organizations and offering support plans for affected entities. The goal is to break the cycle of digital extortion.

Government Takes Stronger Action

In 2024, public administration vulnerabilities became a major concern. ACN responded to 756 cyber events involving national institutions — double the number from the previous year — including 263 serious incidents. These often caused system crashes, service disruptions, and data leaks.

To tackle this, Italy passed Law No. 90/2024, requiring public offices to:

• Report cyber incidents promptly

• Appoint a cybersecurity officer

• Follow 26 minimum security measures

• Create internal teams to manage cyber risks

The law also improves coordination between public offices, the judiciary, and police to ensure that investigations don’t disrupt essential services.

European and Strategic Developments

Italy also implemented the EU's NIS2 directive through Legislative Decree 138/2024, which:

• Expanded the list of “critical sectors” to 18

• Strengthened ACN’s powers

• Introduced fines of up to 2% of a company’s turnover for non-compliance

New cloud regulations now require public bodies to classify data by importance and follow standard technical rules, even when using private providers.

Additionally, Italy launched the National Cryptography Center to develop secure digital tools, especially in response to rising threats from AI and quantum computing.

During its G7 presidency, Italy helped form a permanent cybersecurity working group that will continue under Canada in 2025. The group aims to boost cooperation among democratic nations.

Investments and Public Awareness

Italy invested heavily in digital defense in 2024. Through the PNRR plan, ACN received €623 million, with 69 out of 82 projects already underway. On the industrial front, Italy began building the IT4LIA AI Factory in Bologna — a €400 million AI-powered supercomputer meant to protect critical systems.

ACN also focused on education and awareness. Over 50 national events and hundreds of meetings were held, along with a new agreement with the Ministry of Education to teach cybersecurity in schools.

The report stresses that the human factor — people’s awareness and behavior — remains the first and weakest link in cyber defense.

Conclusion:
Cybersecurity is no longer a technical choice — it’s essential for the safety of our state and economy. As 2024 has shown, no one is safe alone. Governments, businesses, and citizens must work together to strengthen Italy’s digital defenses. As the ACN report says:
“Cyber resilience is a shared responsibility.”

Source: First Online