Italy Remains Among the Top 10 Countries for Ransomware Attacks, but Global Risk Level Decreases
Italy remains among the countries most affected by ransomware, according to the Cyber Risk Report 2026 by TrendAI, part of Trend Micro. Our country ranks seventh on the list of the most affected countries, in a scenario that sees a 236% increase in confirmed attacks.
Italy Among the Top 10 Countries for Ransomware Attacks
For some time now, Italy has been among the countries most targeted by cybercriminal attacks, which particularly focus on ransomware as a tool to strike their victims. With 243 breaches detected by TrendAI, Italy ranks seventh in the world. The complete ranking includes the USA (4,893), Canada (520), Germany (433), the United Kingdom (343), France (313), Spain (278), Italy (243), India (224), Brazil (207), and last, Australia (176).
TrendAI has developed what it calls the "Cyber Risk Index" (CRI), which calculates the gap between defenses and the likelihood of being attacked. The global average index has significantly decreased, dropping from 38.5 in 2025 to the current 35.8, continuing the positive trend of recent years. The sectors at the highest risk are: mining (42.5), healthcare (40.3), agriculture (40.3), telecom (39.9), education (39.8), public administration (39.7), communication (39.3), financial services (38.9), utilities (38.9), and insurance (38.8).
The companies that TrendAI identifies as "medium-sized", meaning those with 5,000 to 10,000 employees (which in Italy we would define as "large-sized"), have the highest CRI because they often need to manage complex infrastructures but lack the resources to do so optimally. In contrast, larger companies have such resources and are therefore better protected, while smaller companies have smaller attack surfaces and are thus safer. The risk remains quite similar (between 38.3 and 41.5) for all companies with more than 500 employees, while it drops significantly below that, reaching 32.4 for companies with up to 100 employees.
TrendAI confirms that, as always, most risks stem from configuration issues in authentication, which remains the most critical factor: old, disabled users, disabled multi-factor authentication, and unregulated access to cloud apps contribute to challenges for companies. Incorrect configuration of firewalls, anti-malware, and other security measures also contributes to the creation of problems, particularly since multiple errors often occur in the same environment.
Cybercriminals often exploit vulnerabilities that do not seem particularly severe when taken alone, but become dangerous when used together. On average, it takes only 39 days for criminals to start using a vulnerability after its discovery.
"Even the most advanced solutions can have configuration errors or mismanage identities, this confirms that organizations are facing an operational gap rather than a technological one," says Marco Fanuli, Technical Director of TrendAI Italy.
"The companies that made the most significant progress in 2025 are those that abandoned periodic security checks in favor of continuous, intelligence-driven risk management."