The Clusit Report 2026 paints an unprecedented picture: 5,265 cyber incidents in 2025, up 48.7% on 2024. This is no statistical anomaly — it is a structural acceleration. The monthly average of attacks rose from 171 in 2021 to 439 in 2025: +256% over five years.
Italy remains a preferred target: 507 serious incidents in 2025, accounting for 9.6% of the global total. As members of Clusit, we believe it is essential to translate these numbers into actionable intelligence for Italian businesses. Here are the key figures and what they mean for SMEs.
Global figures: the era of “extreme” attacks
For the first time, the Clusit Report introduces an Extreme severity category, reserved for the most devastating incidents. In 2025 these already account for 2.7% of the total. 84% of incidents carry Critical or High severity (up from 79% in 2024).
5,265: cyber incidents in 2025 (+49% vs 2024)
439/month: monthly average of attacks (was 171 in 2021)
89.3%: of incidents are cybercrime (+55% vs 2024)
84%: of incidents rated Critical or High severity
+75%: growth in phishing / social engineering attacks
+65%: growth in vulnerability exploitation
Italy in the crosshairs: 507 serious incidents
Between 2021 and 2025, known serious incidents against Italian organisations totalled 1,432. Of these, 507 occurred in 2025 alone, 35% of the five-year total. Italy accounts for 9.6% of global incidents, a still-alarming share that approaches the peak of 11.2% recorded in 2023.
One figure stands out: Italy concentrates 64% of global hacktivism incidents. Cybercrime in Italy represents 61% of incidents (versus 89% globally), largely because the hacktivism share is abnormally high. Italian organisations are also more frequently victims of less sophisticated attacks — a sign that security posture remains broadly insufficient.
Most affected sectors: manufacturing, healthcare and public administration
Globally, the three sectors showing the sharpest growth are:
Manufacturing is back in fourth place after a dip in 2024. Manufacturing SMEs, often running lean IT departments and extended supply chains, remain prime targets.
Government and defence climb back to second place. In Italy, the public administration is among the most heavily targeted sectors, partly due to high exposure to hacktivist campaigns.
Digital healthcare remains fragile: attacks are increasing, amplified by AI and an ever-expanding perimeter spanning medical IoT devices and electronic health records.
ICT (+46%), Financial/Insurance (+27%), and Professional/Scientific/Technical (+91%) also posted double-digit growth. The Report notes that cybercriminals tend to shift towards sectors with less mature cybersecurity postures.
AI: a force multiplier for attackers
The Clusit Report 2026 dedicates an entire chapter to artificial intelligence in cybersecurity. Generative AI is being used by attackers to craft more convincing phishing emails (+75% growth in phishing/social engineering), to automate vulnerability discovery, and to develop more sophisticated malware. At the same time, defensive AI — from Agentic SOCs to AI Detection & Response — offers powerful tools but introduces new attack surfaces that require validation frameworks such as the OWASP AI Testing Guide.
For SMEs, the message is clear: attacks are becoming more sophisticated and automated, making traditional defences insufficient. Businesses need advanced endpoint protection (EDR/XDR), ongoing staff training, and a tested backup and disaster recovery plan.