Clusit 2026 report, Italy in the crosshairs of activists have reached a share of 39%, driven by geopolitical tensions and cybercrime

The data, presented in the Clusit 2026 Report, indicate for the Peninsula 507 critical incidents, with an increase of 42% compared to 2024. As underlined by researchers from the Italian Association for Information Security, this perimeter highlights a radical change characterized by a surge in incidents of 157% in the last five years. THE’Artificial Intelligence has confirmed itself as an element of profound transformationacting as a risk multiplier both in the creation of malicious software and in the refinement of vulnerability exploration techniques. According to Anna Vaccarelli, president of Clusit: “Artificial Intelligence Redefines Cybersecurity: Autonomous Agentic Systems Enhance Defense, But Introduce New Challenges, Such as Manipulable Vulnerabilities“.

Globally, the Cybercrime aimed at extorting money remains the prevailing motivationcovering almost 9 incidents out of 10. However, in Italy a specific dynamic is observed: if cybercriminals represent 61% of attackers, activists have reached a share of 39%, driven by international geopolitical tensions. The affected sectors show differentiated vulnerabilities.

In the Italian context, the Government, Military and Law Enforcement sectors were the most targeted, suffering over 28% of total accidents with an increase of 290% in absolute value. This is followed by the manufacturing sector, where 16% of global events involved Italian companies. On the contrary, the Italian healthcare system recorded a reduction in the incidence of attacks, reaching 1.8% of the sample.

Sofia Scozzari, of the Clusit Steering Committee, observed: “It is still possible for cyber criminals to obtain conspicuous results by attacking basic technology, the one commonly available in companies, or by using standard attack techniques“.

On the technical front, Malware remains the most widespread tool globally, causing one in four incidents. In Italyhowever, was witnessed an exponential growth in DDoS (Distributed Denial of Service) attacks, rising from 21% to 38.5% of cases in 2025. Luca Bechelli explained: “Italy is particularly exposed to cyber-activism phenomena: despite often having only demonstrative purposes and limited substantial impacts, these attacks hit the mark, attracting enormous media attention“. In parallel, the SOC analyzes of Fastweb + Vodafone highlight an increasing sophistication of phishing campaigns and an increase in “zero-day” attackswhich target vulnerabilities not yet known to software manufacturers.