Italy Under Siege: The Government Sector in the Crosshairs of Cybercriminals, March Data

The data published by Check Point Research (CPR) in the March 2026 Global Threat Intelligence Report confirms a constant pressure on Italy's digital infrastructures. With an average of 2,424 cyberattacks per week per organization, Italy records a threat volume that is 21.5% higher than the global average, which stands at 1,995 weekly incidents. Despite a slight decrease compared to the same period in 2025, the Italian figure remains concerning, especially when compared to the global trend showing a 5% annual reduction in attacks.

This apparent stabilization should not mislead anyone. As highlighted by Omer Dembinsky (Data Research Manager at CPR), attackers have not reduced their activity but have simply "shifted gears", modifying strategies and targets to exploit the ever-expanding attack surfaces of modern businesses. In Italy, the favored targets remain the government sector, public goods and services, and the industrial sector.

Data Breaches and AI: 91% of Companies at Risk Due to GenAI Usage

The massive integration of generative AI into business workflows has introduced structural risks that evade traditional security controls. In March 2026, each organization used an average of 9 different GenAI tools, with each user generating an average of 78 prompts. The speed of adoption has outpaced the governance capacity of businesses, leading to a critical situation: 1 in 28 prompts sent in business contexts presented a high risk of exposing sensitive data.

This phenomenon impacts 91% of organizations that regularly use AI. In addition to high-risk prompts, a further 17% contained potentially sensitive information, creating “silent” exposure pathways that can lead to data exploitation even without a conventional breach of defensive perimeters. The risk has shifted from the volume of attacks to the qualitative impact of daily human-machine interactions.

The ransomware landscape shows signs of reinvigoration. Although there is an 8% decline globally compared to March 2025, March 2026 recorded a 7% increase compared to February of the same year, with 672 publicly reported attacks. The ecosystem is consolidating around a few dominant players: Qilin (responsible for 20% of attacks), Akira (12%), and DragonForce (8%). These three groups manage 40% of the market, but fragmentation remains high with 47 different operational entities recorded during the month.

Geographically, North America holds the record for ransomware attacks (55%), but Europe has shown the most decisive acceleration, rising from 17% in February to 24% in March. Italy ranks sixth in the global list of countries most affected by ransomware, accounting for 3.4% of total incidents. The business services sector is the most affected worldwide (35% of incidents), followed by consumer goods and industrial production.

Globally, the education sector remains the most targeted with 4,632 weekly attacks, despite a 6% decrease compared to the previous year. Following this are the government sector (2,582 attacks) and telecommunications (2,554 attacks). A significant figure concerns the hospitality and leisure sector, which has seen a 30% annual increase. This seasonal rise is directly linked to the recovery of spring travel, which expands the attack surface through increased digital transactions and greater reliance on third-party providers.

In this context, Check Point Software's strategy focuses on a “prevention-first” approach to block threats before they spread, automating security operations in complex ecosystems that include hybrid networks, multicloud environments, and, inevitably, new AI systems. For the complete global threat index for March 2026 and further insights, Check Point's blog is available.