Cyber crime numbers have seen a considerable increase over the past year, with many experts attributing the rise in certain types of crime to the COVID-19 pandemic. Italy has seen patterns similar to many countries across the globe and citizens and organizations in the country have had to respond. Cyber security is increasingly a priority for the government, businesses, and individuals.
Here, we look at some of the most important Italy cyber security and cyber crime statistics that provide a view of today’s landscape in the country.
- 1 1. Over 85% Italian of organizations were subject to at least one successful attack within a 12-month period
- 2 2. 64% of organizations in Italy dealt with ransomware attacks
- 3 3. 12.3% of IT budgets are spent on security
- 4 4. More than 8 in 10 organizations prefer security products that involve the use of machine learning and AI
- 5 5. Italy was in the top six countries hit with banking malware in 2020
- 6 4. Italy was the fourth most attacked country by mobile banking malware in 2020
- 7 7. Over 40% of Italian companies have experienced a ransomware attack in the last 12 months
- 8 8. 38% of ransomware attacks were stopped before data was encrypted
- 9 9. 6% of Italian organizations hit by ransomware paid the ransom
- 10 10. The average cost of a ransomware attack in Italy was around $444,000
- 11 11. 88% of organizations hold cyber security insurance
- 12 12. A March 2021 ransomware attack saw the theft of 40 GB of data from a premium Italian brand
- 13 13. Italy remains heavily targeted by malicious mailshots
- 14 14. Around 1% of scam websites have .it domains
- 15 15. Italy ranked 54th out of 79 countries in our cyber security study
- 16 16. Italy has seen over 750,000 COVID-19 related malicious files
- 17 17. 67 GDPR-related fines have been issued in Italy
- 18 18. The third largest GDPR fine was against an Italian organization
- 19 19. Italy tops the list of total value of GDPR fines
- 20 20. There have been over 3,000 personal data breaches in Italy over the past three years
- 21 21. An April 2020 attack impacted Italy’s social security website
- 22 22. There was a huge jump in phishing attacks in early 2020
- 23 23. Italy has the lowest rate of businesses using MFA
- 24 24. Employees have an average of 80 passwords each
- 25 25. The Italian cyber security market is estimated at $1.5 billion
- 26 26. The average cost of a data breach in Italy is over $3 million
- 27 27. Most data breaches are caused by malicious attacks
- 28 28. It takes an average of 268 days to identify and contain a data breach
- 29 29. The theft of military and defense data led to arrests by Italian police
- 30 30. Italy is one of the top 2 European countries impacted by stalkerware
1. Over 85% Italian of organizations were subject to at least one successful attack within a 12-month period
The CyberEdge Group 2020 Cyberthreat Defense Report (CDR) provides the results of interviews with security professionals in various regions across the globe. It found that in the past year, 85.7 percent of Italian organizations have dealt with a successful cyber attack.
2. 64% of organizations in Italy dealt with ransomware attacks
The CyberEdge report also tells us that almost two in three Italian organizations have been hit with a ransomware attack in the past 12 months. Italy was sixth in the list, with China, Mexico, Canada, Saudi Arabia, and the US all being hit with more attacks.
3. 12.3% of IT budgets are spent on security
According to CyberEgde, Italian companies spend just over 12 percent of their IT budget on security. This represents an increase of 4.7 percent compared to 2019. Relative to other countries, Italy sits roughly in the middle of the pack. Mexico spends the highest portion (15.9 percent) of its IT budget on security, while Japan spends the lowest (10.6 percent).
4. More than 8 in 10 organizations prefer security products that involve the use of machine learning and AI
Another interesting area that CyberEdge probed was that of machine learning and AI. It found that 85.7 percent of Italian companies preferred products that involved these technologies. The leader here was Turkey (100 percent) and the country with the lowest interest was Australia (72 percent).
5. Italy was in the top six countries hit with banking malware in 2020
A Kaspersky banking malware study into financial cyberthreats found Italy was the sixth most attacked country with banking malware in 2020. It was hit by 3.3 percent of attacks while Russia experienced 26.6 percent of attacks followed by Germany (4.5 percent) and Kazakhstan (4.1 percent).
4. Italy was the fourth most attacked country by mobile banking malware in 2020
Another Kaspersky study looked at the rate at which users in various countries dealt with mobile banking malware attacks. Italy was the fourth most attacked country, behind only Japan, Taiwan, and Spain. It was the fifth most attacked country by ransomware Trojans.
7. Over 40% of Italian companies have experienced a ransomware attack in the last 12 months
The Sophos State of Ransomware Report 2020 sheds light on the number of organizations impacted by ransomware. It tells us that 41 percent of Italian companies dealt with ransomware in 2020, which is lower than the figure stated in the CDR above. In the Sophos report, Italy was in the bottom six out of 26 organizations. India topped the list by a large margin at 82 percent, followed by Brazil (65 percent) and Turkey (60 percent).
8. 38% of ransomware attacks were stopped before data was encrypted
The Sophos report studied how well companies were able to react to ransomware attacks. Almost 40 percent of ransomware attacks against Italian organizations were stopped before data encryption commenced. This put Italy in the top three countries behind Turkey (51 percent) and Spain (44 percent).
9. 6% of Italian organizations hit by ransomware paid the ransom
Of the Italian ransomware attacks studied, Sophos found organizations paid up in just six percent of cases. This was very low compared to the top payee India (66 percent) and just two percentage points ahead of the least likely to pay, Spain (four percent).
10. The average cost of a ransomware attack in Italy was around $444,000
Another key statistic provided by Sophos was the average cost to remediate a ransomware attack. For Italian companies, that figure was $443,552.04. Only six out of the 26 countries had lower costs.
11. 88% of organizations hold cyber security insurance
One more area we can learn about from the Sophos report is cyber security insurance. Almost nine in 10 Italian organizations have a cyber security insurance policy, which is about average on a global scale. 68 percent of those that have cyber security insurance are protected against ransomware.
12. A March 2021 ransomware attack saw the theft of 40 GB of data from a premium Italian brand
At the end of March 2021, premium Italian menswear brand Boggi Milano was hit by a large ransomware attack executed by the Ragnarok group. The hackers exfiltrated 40 GB worth of corporate data including human resource documents and salary details.
13. Italy remains heavily targeted by malicious mailshots
According to research by Kaspersky, Italy was the fourth most targeted country by malicious mailshots in 2020 with a 5.45 percent share. The country’s share was lower than that of top target Spain (8.48 percent). Germany (7.28 percent), Russia (6.29 percent), and Vietnam (5.20 percent) round out the top five.
14. Around 1% of scam websites have .it domains
Kaspersky also investigated where scam sites appear to originate. While the largest portion (24.36 percent) are .com domains, a significant number have country-code extensions. The study found that 1.06 percent of scam website domains have the .it extension.
15. Italy ranked 54th out of 79 countries in our cyber security study
A Comparitech study used a variety of factors to rank 75 countries based on their overall cyber security score. Criteria included the prevalence of various types of malware, the number of attacks that originate in the region, how prepared the country is for cyberattacks, and more. Italy didn’t score all that well, ranking 54th out of 75 with a score of 21.09. The top-ranked country was Denmark (scoring 3.56) and the lowest-ranked was Tajikistan with 35.54 (a lower score is better).
McAfee has been tracking malicious file detections since May 2020, observing over 10 million across the globe so far. Of those, 759,676 were detected in Italy. This puts the country in sixth place in terms of volume. Ahead of it are the US, Spain, South Africa, India, and Estonia.
See also: COVID-19 cybersecurity statistics
Privacy Affairs tracks all GDPR fines that have been made public to date. Of 625 fines in the database, 67 were issued in Italy.
18. The third largest GDPR fine was against an Italian organization
The DLA Piper Data Breach Report 2021 reveals information about GDPR fines issued since the regulations were introduced in May 2018. One of the largest fines to date was issued by Garante (Italy’s data protection supervisory authority) against a telecommunications operator. The company was reprimanded for a number of breaches and ordered to pay €27.8 million. The sixth, eighth, and tenth largest fines were also issued in Italy.
19. Italy tops the list of total value of GDPR fines
Since the GDPR came into effect, organizations operating in Italy have amassed the largest total amount in fines. At €69,326,716, Italy just beats Germany which totals €69,085,000 in fines.
20. There have been over 3,000 personal data breaches in Italy over the past three years
DLA Piper found that Italy has seen reports of 3,460 personal data breaches since May 2018. It also reveals that there was a total of 1,574 breaches in 2020 and 1,276 in 2019.
The INPS, Italy’s social security agency, was the subject of a large cyber attack in April 2020. Multiple attacks occurred while Italians were beginning to apply for pandemic-related benefits, forcing the site to shut down. While the site was still active, users reported being able to see the personal data of other applicants while trying to complete their own requests.
22. There was a huge jump in phishing attacks in early 2020
Cynet monitors the prevalence of phishing attacks on a month-to-month basis. At the start of the pandemic, it saw a notable increase in the number of phishing attempts in Italy. Between February 15 and March 15, 2020, the number of attacks in the country was almost three times normal levels. This is in contrast to the other countries studied where activity simply fluctuated slightly. In light of these observations, Cynet warned CISOs worldwide to be prepared for similar spikes in other regions.
23. Italy has the lowest rate of businesses using MFA
The 3rd Annual Global Password Security Report by LastPass studied various aspects of password and login habits among employees. It found that Italy has the lowest portion of businesses with employees using Multi Factor Authentication (MFA) at just 20 percent. This was significantly lower than the top adopters of MFA: Denmark (46 percent), the Netherlands (41 percent), and Switzerland (38 percent).
24. Employees have an average of 80 passwords each
LastPass also asked employees how many passwords they have to deal with and found that the number in Italy was a hefty 80. The only country where users have more passwords is Belgium where the average is 112. Behind Italy are New Zealand, Spain, and the UK, where the average is 36.
With so many passwords to deal with, it’s perhaps not surprising that employees have an average of 12 reused passwords each. That said, this was on the lower end; the highest was Canada (15) and the lowest in Denmark and Sweden (11).
25. The Italian cyber security market is estimated at $1.5 billion
According to the latest statistics from the International Trade Administration, the cyber security market in Italy is worth approximately $1.5 billion. The largest segments are the security appliances sector valued at $675 million and the software segment estimated at $450 million. Overall, the market is predicted to grow seven percent each year.
26. The average cost of a data breach in Italy is over $3 million
The IBM Cost of a Data Breach Report 2020 reveals how much the average data breach cost per region. In 2020, that figure for Italy was $3.19 million, which was just below the global average of $3.86 million. Italy was one of the few countries to have seen a decline in the average cost of a data breach, with 2019 incidents having been five percent more expensive.
27. Most data breaches are caused by malicious attacks
IBM found that just over half (51 percent) of Italian data breaches are the result of malicious attacks. A further 19 percent stem from system glitches while 29 percent are attributed to human error.
28. It takes an average of 268 days to identify and contain a data breach
An important factor when studying data breaches is the time it takes to identify and contain a breach. Italy does quite well in that regard taking an average of 203 days to identify a breach and 65 days to contain it. To put this in perspective, IBM found that German companies take 128 to identify and 32 to contain a breach, and Brazilian organizations take 265 to identify and 115 days to contain.
29. The theft of military and defense data led to arrests by Italian police
At the end of 2020, arrests were made in an investigation into an insider hack at Italian defense firm Leonardo. Details of military aircraft involved in the firm’s fighter jet program appeared to be the main target of the attack. While the arrest was recent, the investigation has been ongoing since January 2017 when Leonardo first noticed an abnormal flow of data from its network. However, Leonardo maintains that computers that were violated did not contain classified, strategic information.
30. Italy is one of the top 2 European countries impacted by stalkerware
A Kaspersky study of stalkerware found that Italy is the second most affected country in Europe. It saw 1,144 stalkerware incidents in 2020, putting it behind only Germany which saw 1,547. On a global scale, Italy was in eighth place with Russia topping the list with 12,389 incidents, followed by Brazil (6,523) and the US (4,745).