Why Europe’s healthcare sector must build resilience to fight the threat of ransomware

Olivia Terragni : 13 April 2025 09:33

Author: Andrea Nicelli, Head of Italy and Spain at Resilience

Italy’s critical infrastructure is highly exposed to cyber threats, ranking fourth in the world and first in Europe for the number of cyber-attacks faced in 2024.

Despite being a critical hub for digital innovation, companies in the country face significant threats from cybercrime, particularly in healthcare, government and universities. These sectors lack basic IT security infrastructure, and the adoption of cyber insurance is minimal. Ransomware is one of the primary threats for Italian organisations, with institutions including the University of Siena, Bologna FC, and SynLab Italia breached last year. Ransomware remained the leading cause of losses for businesses in 2024, according to Resilience’s risk report, and is expected to cost businesses globally €52bn this year.

In this environment, decision-makers need to proactively reassess cyber risk management as attacks rise, and CISOs should strengthen defences and align cybersecurity with broader business goals, while organisations should stay ahead of evolving EU regulations to ensure compliance and resilience.

Ransomware is the leading cyber threat

Ransomware has become the most prevalent and financially devastating cyber threat, exploiting common vulnerabilities within organisations. Cybercriminals target organisations of all sizes, using social engineering techniques, including phishing, to trick employees into clicking malicious links. Weaknesses in third-party vendor security can also provide a backdoor into networks and increase the chance of an attack.

Ransomware attacks often involve stealing sensitive data, typically via infostealers, which are malicious software designed to capture login credentials, financial records, and personal information. This data is then sold on the dark web, which has become a popular market for stolen information, fuelling further criminal activity. In some cases, stolen data is used to facilitate additional attacks, with hackers demanding payment to return both encrypted data and stolen information.

These attacks are the biggest driver of business losses, with organisations facing both the ransom payment and significant recovery costs. System downtime, lost productivity, recovery expenses, and reputational damage often lead to even greater financial losses than the ransom itself. The average cost of a data breach in Italy last year was the highest on record, at €4.28m.

Ransomware is becoming increasingly difficult to defend against. Cybercriminals’ tactics are evolving: they use platforms including Tor and Telegram to evade detection and artificial intelligence to automate attacks, while exploiting both human and system vulnerabilities.

Vulnerabilities in healthcare

The healthcare sector is one of the most vulnerable to ransomware attacks and, according to the latest data from WHO Europe, is the most targeted critical sector in the EU. Nearly half of the cyber incidents faced by the EU’s healthcare sector in 2024 were ransomware attacks, according to ENISA’s Threat Landscape Report, with the SynLab Italia breach highlighting the challenges the Italian healthcare sector faces. Healthcare providers increasingly rely on cloud-based tools, outsourced platforms, and connected medical devices, but many fail to manage the associated risks, leaving them exposed.

These attacks can have life-threatening consequences. Hospitals may face interruptions to urgent care, delayed diagnoses, and potentially jeopardised patient safety. The sector’s integration of cloud services, networked devices, and external providers increases its attack surface, allowing cybercriminals multiple entry points. Attacks can disable critical IT systems, steal patient data, and limit access to vital medicines and equipment, amplifying the damage.

What decision makers in healthcare need to understand is that a ransomware attack is no longer a question of “if” but “when”. Organisations should strengthen cybersecurity measures, implement robust data protection strategies, and ensure business continuity plans are in place to mitigate ransomware risks.

What can organisations and CISOs do?

As cyber threats grow more complex, organisations must adopt a proactive and resilient approach to cybersecurity. CISOs and IT leaders need to move beyond traditional defensive measures and embrace resilience and cyber risk management as a core principle. With cyber-attacks now inevitable, organisations must focus not only on defence but also on ensuring rapid recovery and minimal operational disruption.

The role of the CISO has evolved in response to this shift. CISOs must be key players in boardroom discussions. Their expertise is essential for guiding investment decisions, vendor selection, and managing overall organisational risk. By integrating cybersecurity into business strategy, the CISO ensures it is not just a technical issue. CISOs can also quantify risk, translating cyber vulnerabilities into financial terms, helping financial decision-makers make informed investments and optimise cyber controls as part of a broader risk management strategy.

Organisations such as Resilience are playing a key role in driving this transformation by offering tools that allow businesses to quantify cyber risks, track vulnerabilities across systems, and take pre-emptive action before a breach occurs. In the event of a breach, cyber insurance and backup systems can mitigate operational disruption and ensure organisations can continue to function. By adopting such tools and approaches, organisations can build long-term cyber strength and protect themselves against the threat of ransomware.

EU’s changing regulatory frameworks

In response to ransomware’s growing threat, the European Commission has introduced key frameworks aimed at strengthening cyber resilience, particularly in critical sectors such as healthcare. The EU Action Plan for Healthcare Cybersecurity, adopted in early 2024, acknowledges the sector’s vulnerability to ransomware and includes measures such as a Cybersecurity Support Centre, mandatory ransomware payment reporting, and enhanced monitoring of medical device vulnerabilities. It also establishes a European Health CISOs Network to share best practices and promote collaboration across the sector.

While these frameworks represent significant progress, organisations must work to proactively incorporate changes into their daily operations. Many sectors, particularly healthcare, still have fragmented cybersecurity practices, leaving them exposed to ransomware attacks. Without proper investment in preventative measures and incident response capabilities, regulations alone cannot provide full protection.

Italy’s growing vulnerability to ransomware requires immediate action. While regulations offer guidance, real progress comes from active implementation, and CISOs should lead cyber resilience efforts and implement strong risk management strategies. Companies including Resilience provide the tools to quantify risks, strengthen defences, and ensure rapid recovery. Now is the time to invest in resilience and protect against rising cyber threats.

Olivia Terragni
Author, former journalist, graduated in Economic History - Literature and Philosophy - and then in Architecture - great infrastructure - she deepened her studies in Network Economy and Information Economics, concluded with a Master in Cyber Security and Digital Forensics and a Master in Philosophy and Digital Governance. She is passionate about technological innovation and complex systems and their management in the field of security and their sustainability in international contexts. Criminalist. Optimistic sailor. https://www.redhotcyber.com/post/author/olivia-terragni/