The new update of the Clusit 2025 Report paints a picture of rapid evolution. While the world battles financial cybercrime, Italy faces an unprecedented wave of geopolitical activism. 

In this article, we analyze the main data and how SGBox technology can support Italian SMEs in defending themselves against the most prevalent threats.

Cber Security in 2025: a rapidly evolving landscape

2025 is proving to be a disruptive year for information security. While 2024 already signaled a worrying increase in incidents, the first half of 2025 confirms and aggravates this trend, bringing to light new dynamics that directly impact the operational continuity of companies and Italian institutions.

The latest update of the Clusit Report leaves no doubt: the frequency and severity of attacks are constantly increasing, making cybersecurity no longer an option, but a fundamental pillar for business survival.

The most significant data from the Clusit Report (H1 2025)

Globally, the situation is critical. In the first half of 2025, 2.755 severe incidents were recorded, the highest number ever logged for a single semester, marking an increase of 36% compared to the previous semester.

It is not just a matter of quantity, but of quality and impact: 82% of the incidents analyzed had consequences of “Critical” or “High” severity. This means that when an attack succeeds, the economic, reputational, and operational damages are almost always devastating.

Focus on Italy: a worrying anomaly

Italy continues to be in an uncomfortable position. Despite representing a minimal fraction of the world’s population, our country suffered 10.2% of the global attacks recorded in the first half of 2025.

However, what distinguishes Italy from the rest of the world is the nature of the attackers. While globally Cybercrime (driven by profit) dominates with 87% of incidents, in Italy, we are witnessing the overtake by Hacktivism. In our country, 54% of attacks are of activist/geopolitical matrix, versus 46% of cybercrime.

This peculiarity is reflected in the attack techniques:

• DDoS (Distributed Denial of Service): this is the leading technique in Italy, used in 54% of cases (versus 9% globally), aimed at paralyzing services and creating visible disruptions.

• Malware and Ransomware: although decreasing to 20% of the total in Italy, they remain a lethal threat to the integrity of company data.

Which sectors are most affected?

No sector can be considered safe, but 2025 has seen specific targeting of certain verticals:

• Government & Military: this is the most affected sector in Italy (38% of the total), with a dizzying growth in incidents (+600% compared to the same period in 2024), driven by geopolitical tensions.

• Transportation & Storage: rises to second place (17%), highlighting the fragility of supply chains and logistics.

• Manufacturing: represents 13% of Italian incidents, confirming itself as a critical target due to the convergence between IT and OT and the value of intellectual property.

How SGBox responds to emerging threats

Faced with a scenario where DDoS attacks aim to halt operations and “Agentic” Artificial Intelligence begins to make threats more autonomous and sophisticated, Italian SMEs need total visibility into their infrastructure.

The SGBox platform offers a concrete and modular response to the critical issues highlighted by the Clusit Report:

• Real-Time monitoring against DDoS: given the prevalence of DDoS attacks in Italy, SGBox’s ability to collect and correlate logs from different sources (firewalls, routers, servers) allows for real-time identification of traffic anomalies. This enables security teams to react promptly before the service is completely interrupted.

• Defense against Malware and Ransomware: with 20% of Italian attacks still based on Malware, SGBox’s Event Correlation (SIEM) functionality is decisive. By analyzing suspicious patterns and correlating seemingly disconnected events, the platform can detect early signs of anomalies and automatically generate security alerts.

• User Behavior Analytics (UEBA) for Agentic AI: the new threats based on Agentic AI operate autonomously and adaptively. The SGBox UEBA module analyzes the behavior of users and entities: if an account or a process begins to behave abnormally (e.g., accesses at strange hours, data exfiltration), the system signals it, regardless of whether the attacker is human or an AI-guided bot.

• NIS2 Compliance and reporting: with the consolidation of the requirements imposed by the NIS2 Directive, risk management and incident notification become mandatory for many companies in the Supply Chain (Manufacturing, Transport). SGBox simplifies compliance by centralizing logs and generating advanced reporting ready for audits, reducing the bureaucratic burden.

Future prospects

The analysis of the Clusit 2025 report suggests that uncertainty is the “new normal”.

The gap between the offensive capability of attackers and the defense of companies is widening, and for the coming year, we expect the use of Artificial Intelligence in attacks to become increasingly pervasive and “underground,” making threats less evident but more insidious.

The challenge for Italian SMEs is not just technological but also cultural: it is necessary to move from a reactive approach to a proactive one, through well-defined security strategies and technologies capable of promptly detecting and responding to new cyber threats.

SGBox is committed to remaining at the forefront of cyber threat evolution, continuously developing new features and updating its solutions to guarantee the maximum level of protection to its customers.

To find out how SGBox can help your organization build a solid cybersecurity strategy, contact us for a personalized consultation.

PROTECT YOUR COMPANY>>