Strengthening Italy’s Cyber Defenses: Navigating Growing Threats and New Regulations to Safeguard Small and Medium Enterprises

Italy is facing an alarming surge in cyber threats, a trend that has been growing steadily over recent years. According to the Clusit 2025 report, the country has seen a sevenfold increase in cybersecurity incidents between 2020 and 2024. In 2024 alone, Italy recorded 357 particularly serious cyberattacks, making up nearly 10% of global incidents, compared to just 2.5% in 2020. These numbers underscore a significant challenge for the nation, particularly with regard to the increasing vulnerability of small and medium-sized enterprises (SMEs), the backbone of Italy’s economy.

Raising Awareness of Cyber Risks

As the digital landscape evolves, so too does awareness of cyber risks among businesses and government institutions in Italy. This growing recognition is reflected in a 15% rise in investments within the cybersecurity sector, with the market reaching a value of approximately €2.5 billion in 2024, according to the Cybersecurity & Data Protection Observatory of the Polytechnic University of Milan. However, despite this progress, experts warn that much more needs to be done to ensure a comprehensive defense against cybercrime, which has become a global industry driven by geopolitical tensions.

The Rising Threat of Cybercrime

Today’s cybercriminals are no longer isolated actors but well-organized networks that operate like sophisticated businesses. These groups have the resources and capabilities to launch large-scale, systematic attacks that can disrupt industries and governments worldwide. Cybersecurity is now a critical issue that extends far beyond technical specialists. It has become a key component of national competitiveness and resilience.

Among the most vulnerable sectors are medium-sized enterprises, which are often ill-prepared to meet the growing cybersecurity demands. These companies now face new regulatory pressures, but many are still lacking the necessary technological infrastructure and skilled personnel to safeguard their operations effectively.

New Regulations: A Turning Point for SMEs

The introduction of the NIS2 Directive represents a significant shift in Italy’s approach to cybersecurity regulation. While the original NIS1 Directive primarily focused on large corporations and critical infrastructure, NIS2 extends these obligations to smaller businesses, marking a vital step in protecting the broader economy. Many Italian SMEs, previously exempt from stringent cybersecurity regulations, lack the internal resources to tackle security issues, often relying on individuals who may not have specialized expertise in the field. As a result, the risks for these companies are considerable.

NIS2 raises the stakes by imposing potential penalties and reputational damage on company leaders in the event of non-compliance. As businesses begin to understand the far-reaching consequences of these regulations, there is growing recognition that cybersecurity is not a sunk cost but a strategic investment that can drive competitive advantage and operational continuity.

The Digital Debt and the Path Forward

Italy has accumulated a significant “digital debt” in terms of both infrastructure and cybersecurity preparedness. However, this challenge presents an opportunity for transformation. NIS2 opens the door to a nationwide effort to improve awareness, training, and the development of resilient systems. As businesses and employees become more knowledgeable about cybersecurity, the benefits extend beyond the workplace, fostering a culture of digital responsibility that can positively impact society as a whole.

Alessandro Geraldi of Impresoft stresses that cybersecurity must be approached as an ongoing, long-term investment. It is not enough to implement one-off solutions such as software installations or insurance policies. A robust cybersecurity strategy requires continuous monitoring, incident management, technological updates, and employee training. Only with a structured, holistic approach can businesses truly gain a competitive edge in the face of evolving threats.

The Role of Artificial Intelligence in Cybersecurity

In today’s rapidly changing digital landscape, technologies like artificial intelligence (AI) present both opportunities and challenges. If harnessed effectively, AI can enhance IT defenses and improve threat detection. However, if left unchecked, AI can also be used by cybercriminals to launch more sophisticated attacks. As such, companies must not only adopt the latest technologies but also develop the skills to understand and govern them responsibly.

The Importance of Local Expertise

In this context, Geraldi argues that Italy must rely on homegrown cybersecurity expertise rather than outsourcing its digital defense to foreign providers, no matter how cost-effective they may seem. Digital security is a national strategic asset that should be built on local capabilities. By strengthening a network of Italian cybersecurity experts, the country can safeguard its national interests and enhance its global competitiveness.

According to Geraldi, firms like Impresoft, which deeply understand the needs of the Italian mid-market, are ideally positioned to lead this charge. Italy’s many excellent IT companies should be valued and integrated into a cohesive national strategy for digital security. With a reliable, locally-based approach, Italy can create a safer and more resilient digital future, starting with sectors like fashion, manufacturing, food, and services.

As Italy navigates the challenges of the digital age, it is clear that cybersecurity must be treated not just as a technical issue but as a core component of national strength and competitiveness.