Skip to main content
TechnologyMay 12, 2026· 3 min read

Italy is No Longer Among the Top Five Countries in the World for Ransomware Attacks, According to Var Group

The number of cyber attacks against companies continues to grow, especially those with more serious outcomes, and criminals are particularly focusing on the manufacturing and IT sectors. The positive news, however, is that Italy is no longer among the top five countries in the world for ransomware attacks. This is the picture painted by Yarix, a cybersecurity center of Var Group, which has published its annual report for 2025.

Rising Attacks, but Italy is No Longer at the Top of the Target List

There are over 522,000 security events recorded by the SOC of Yarix, of which 158,000 turned into actual incidents, with an average monthly increase of 8% compared to 2024. The most concerning statistic is that severe incidents have increased by 62% year-over-year. Globally, there has been a 51% increase in ransomware attacks, reaching over 7,100 publicly claimed attacks, driven by a significant increase (+35%) in new hacker groups, although the top 10 conducted 56% of the total attacks.

In Italy, the sectors most affected are manufacturing (17.9%) and IT (8.3%), primarily due to the weakness of infrastructures and the value and volume of data. Smaller companies are the most affected (67%, +10% compared to the global average), followed by medium-sized companies (18%), aligning with the composition of the Italian business sector.

At the territorial level, there are no particular surprises: Lombardy is the most affected region (36%), followed by Emilia-Romagna (13%) and Lazio (11.6%). When looking at the countries, the USA remains the most affected (52%), followed by Canada (6%) and Western Europe (Germany, United Kingdom, and France together make up 10%). Italy has dropped to sixth place, after being among the top five countries for years.

It is interesting to note that hacktivism, or attacks carried out for idealistic or propaganda reasons, has seen a significant increase. The first and most pronounced peak occurred between June and July 2025, with over 27% of observed attacks; this peak was due to Italy's leading role as an active supporter of Ukraine. A second peak, which recorded 23% of the attacks, occurred between September and October and focused on the conflict in Gaza and the West Bank; Italy was perceived as a supporter of Israel and was therefore attacked.

"2025 marks a maturation phase for the cyber context: we are no longer facing just a growth in numbers but a profound change in the ways the threat manifests. Attacks have become faster, fragmented, and capable of adapting quickly, supported by a now-structured criminal ecosystem and increasing access to advanced tools, including those based on artificial intelligence. In this context, ransomware remains one of the main tools of economic pressure, while the geopolitical component increasingly affects the Italian landscape, making cyber risk closely linked to global balances," stated Mirko Gatto, Head of Cybersecurity at Var Group.

"For organizations, the most significant change concerns the very role of security, which is evolving from a predominantly technical function to a strategic factor. In this scenario, true competitive advantage will not be about avoiding attacks but rather being able to manage them, reducing impact, and transforming them into an opportunity for continuous improvement. In the coming years, the shift from simply 'declared' cybersecurity to 'demonstrable' cybersecurity will become increasingly evident. Regulations like NIS2, along with the evolution of the threat landscape, will push organizations towards models based on governance, traceability, constant controls, and real response capability."

Intel Razor Lake: Is the Company Reviving the Project It Called 'Inconvenient'?Lies of P 2 Officially Enters Full Development Phase: The Soulslike Inspired by Pinocchio is Set to Return