Italian Companies under Cyber Attack: the most Affected Sectors

eLearning Expert Talks
25 August 2025

Analysis of Major Cyber Attacks on Italian Businesses and the Role of Cybersecurity Training in Reducing Human Risk

In 2024, 14,895 cyber incidents were recorded against Italian companies: more than 60% affected the manufacturing and financial/insurance sectors.

Phishing, malware, and social engineering still exploit the human factor as a weak point.

This analysis explains why cybersecurity awareness training — based on a program that delivers key content through regular, short, and targeted micro-interventions, attack simulations, and continuous updates — is the most effective approach to reduce cyber risk.


A recent report commissioned by Aused and conducted by Certego, based on a representative sample of 1,200,000 IT assets of Italian companies, analyzed 14,895 recorded incidents and managed to outline the state of cybersecurity in the country’s businesses.

The data, as expected, is certainly not encouraging: among the most affected sectors is manufacturing, with 32.4% of attacks (4,827), followed by the finance/insurance sector, with a percentage of 29.2% (4,355 attempted attacks).

In short, it seems paradoxical that those who should insure us against damages are among those who are most at risk on the attack front.

Malware is the most widespread type of attack, followed by phishing and social engineering, which emphasizes, once again, how the human factor remains the weakest link in the security chain and therefore the one that needs the most work.

Moreover, to these worrying predictions we must add cybercriminals’ adoption of artificial intelligence, an element that is revolutionizing the threat landscape because attacks are increasingly sophisticated, adapt to the chosen victim, and are difficult to detect. According to Gartner, by 2025, at least 30% of attacks will be enhanced by AI, with techniques such as automated phishing, dynamic malware, and real-time vulnerability detection in business systems.

It’s not surprising, then, that more and more IT managers are trying to respond to attackers using their own weapon. Gartner also emphasizes that 34% of organizations are already using or implementing artificial intelligence application security tools to mitigate risks associated with generative AI.

This is an effective solution, provided these tools are supported by continuous verification and updates capable of keeping pace with the speed at which cybercrime evolves, since cybercrime uses the same AI to attack in increasingly subtle and ruthless ways. Therefore, even the human users of the technology must never fall behind.

So we always come back to the “human factor” which, thrown out the door and replaced with tools that don’t make mistakes, must necessarily come back through the window because it remains an essential element of the security chain.

This is why a culture of corporate awareness will be increasingly crucial in every sector, particularly for those recording the highest attack numbers, as will permanent training built on comprehensive, continuous programs that are tailored to each user, always updated on the latest developments in an ever-changing crime landscape, and, above all, include continuous exercises and practice.

This is also because cybersecurity is a continuous process that requires constant commitment, in which everyone must be involved and play their role with great responsibility. It takes very little to open the doors to criminals: one click too many, a missed verification, a moment of distraction by anyone, from top management to operational staff.

In an instant, hell can break loose, and you can be put in check by some gang of criminals who will then, most of the time, be impossible to trace and identify.

This is a significant challenge that companies will have to face in the years to come, and it requires starting to gear up right away, without delay.

We are going through crucial years on the technology front, and falling behind can represent a serious risk of suffering both economic and reputational damage. After all, just look at the daily news, full of reports of attacks that don’t spare even the most cunning people.

Therefore, beyond the now essential technological protection tools, training remains a necessary pillar to strengthen the boundaries of companies and organizations. Without the correct digital posture of employees and collaborators, even the most advanced protective system could collapse.

Naturally, we’re talking about training that’s adequate to the challenge, as mentioned earlier, differentiated in tools, constantly updated with the latest cyber risk developments, featuring brief but daily slots and targeted practical exercises. But above all, it must be organized based on each user’s personal knowledge level. Everyone must be put in a position to recognize the “smell” of an attack from afar and transform themselves into a fortress of protection for themselves and for the company or organization they work for.

Only in this way will it be possible to drive away the cybercriminal of the day, who will give up their malicious intentions and decide, perhaps, to go cause damage elsewhere, seeking other less prepared and less aware victims.

Strengthening the human factor and transforming it from a vulnerable element into a solid security pillar thus represents the most effective deterrent to contain a type of crime that can only grow and become more sophisticated in the coming years.

Article published on Insurzine by Maurizio Zacchi

