If 2023 had been defined as a "complex" year, the 2024 marked a real breaking point. According to what emerges from the annual report of theNational Cybersecurity Agency (Acn), delivered to Parliament, theItaly registered one alarming growth of cyber attacks: 1.979 cyber events monitored (versus 1.411 in 2023), 573 confirmed serious incidents (+89%) and more 2.700 victims, between public bodies, businesses and economic operators.
Those who pay the price are the ones who pay the price small and medium-sized businesses (75% of cases in the private sector) and the public administration, increasingly exposed to risk. Making the picture even more critical is the exponential increase in alert: over 53.000 risk reports distributed during the year (756 events managed in the PA alone), with an increase of 157% compared to 2023. A mass that highlights not only the increase in the digital attack surface, but also the growing pervasiveness and dangerousness of malicious actors.
The pressure is such that the Acn, established in 2021 as the cornerstone of the national cybersecurity strategy, is now facing a real systemic emergency.
Italy in the crosshairs: 500 attacks signed NoName057(16)
Cyberspace has become, for all intents and purposes, an extension of geopolitical conflicts, and Italy has found itself at the centre of hostilities several times in 2024. Among the more obvious threats, the attacks of the group stand out pro-Russian NoName057(16), responsible for at least 500 DDoS actions (Distributed Denial of Service) attacks targeting institutional portals, companies and strategic infrastructures.
These offensives, defined as "demonstrative" by ACN itself, had the aim of cause temporary disruptions – especially where automatic defenses were lacking – and were conducted in a coordinated manner, with peaks in February, May and December. A timing that, not coincidentally, coincides with moments of international tension.
As the Agency's director noted, Bruno Frattasi, the cyber domain today represents "one of the main channels for venting global tensions". And demonstration attacks, even if less destructive, are a disturbing sign of the fragility of our digital system.
Ransomware: A Silent, But Devastating Threat
Even more insidious is the threat of ransomware, those viruses that encrypt the data of the affected systems and then ask for a ransom in exchange for the unlock key. In 2024, the Agency recorded 198 relevant events (+20% compared to the previous year). But the data, warns the Agency, it's just the tip of the iceberg: many attacks go unreported or unmade public, for reputational reasons or to avoid compromising negotiations.
The sectors most affected were the manufacturing, healthcare, local public administration and digital servicesAmong the most active criminal groups are RansomHub, Lockbit 3.0, 8Base and Blackbasta, specialized in high-impact digital extortion.
Faced with this escalation, Parliament has begun to take action. A bill, promoted by the deputy Matthew Mauri and also supported by members of the majority, proposes the ban on paying ransoms for entities belonging to the National Security Perimeter and the introduction of a Support plan for affected businesses and public administrations. A necessary step for break the vicious cycle of cyber extortion.
The PA's flaws, the most exposed target
The vulnerabilities of the public administration are among the most worrying elements that emerged in 2024. The Acn managed 756 cyber events against national institutions, double the previous year, with 263 confirmed serious incidents. In many cases, this was a matter of disruptions of essential services, computer crashes and data leaks.
To address this trend, the law n. 90/2024, which imposes more stringent obligations for public administrations: report incidents, appoint a cybersecurity contact, adopt at least 26 minimum protection measures and establish an internal structure dedicated to cyber risk management.
The rule also establishes an information coordination system between public administration, judiciary and law enforcement, so that investigative needs do not hinder the continuity of public services.
An evolving regulatory strategy
2024 also saw the implementation of the European directive NIS2, which has redefined the entire perimeter of national digital security. The implementing decree (Legislative Decree 138/2024) has extended the sectors considered "critical" to 18, strengthened the powers of the ACN and introduced fines up to 2% of turnover for those who don't conform.
In parallel, the Cloud regulation for PA, which obliges administrations to classify public data (strategic, critical, ordinary) and to adapt to homogeneous technical requirements. To guarantee the system, procedures are foreseen qualification, audit and monitoring of infrastructure, even in the case of outsourcing to private suppliers.
The National Cryptography Center, with the task of developing proprietary algorithms, evaluating the robustness of existing solutions and defining standards compatible with emerging challenges: artificial intelligence, quantum computing and strategic data protection.
During the Italian Presidency of the G7, a permanent working group on cybersecurity, with the aim of creating a stable network of cooperation between the security agencies of Western democraciesThe group will remain active under the Canadian Presidency in 2025 and represents one of the most significant diplomatic and strategic developments.
621 million for digital security
The Investment 1.5 of the PNRR he made available 623 million euro, almost entirely assigned by the Acn by 2024. They have been started 69 of the 82 planned projects from the National Cybersecurity Strategy 2022–2026.
Sul industrial front, Italy has moved decisively, starting the project IT4LIA AI Factory, an infrastructure from 400 million euro which will give life, in Bologna, to a supercomputer optimised for artificial intelligence, also intended for the protection of critical infrastructures.
A strategic investment, which demonstrates how innovation and safety can no longer be separated.
The human factor remains the Achilles heel
“The maturation, in the various social components, of a stronger awareness of digital risk it is an unavoidable condition for provide stronger foundations for the country's resilience“. This is what we read in the Report, which dedicates ample space to training activities and to the campaigns of awareness promoted in 2024: over 50 national events, hundreds of meetings with public and private stakeholders, and a agreement with the Ministry of Education to bring the culture of cybersecurity into schools too.
A crucial step, if we consider that the “human factor” remains, according to the ACN, the first garrison (and often the first weak link) of the defensive chain.
Cybersecurity as a guarantee of sovereignty
Cybersecurity is no longer optional, But a essential condition for proper functioning of the State and the economy. 2024 was a wake-up call that we cannot ignore.
It takes a ccollective change of mindset: companies, PA, citizens. No one is safe alone. And, to quote the Agency: “Cyber resilience is a shared responsibility“. Because in cyberspace, even more than in the physical world, no one saves themselves.
