Overview

In 2021, the cybersecurity market was valued at $1.6 billion, 13% more than the previous year. Italy ranked fourth in the world and first in Europe for the number of malware attacks, with government and healthcare facilities increasingly targeted by ransomware attacks. With the growth in remote work, attacks on PCs doubled, as cyber criminals shifted their focus to the weakest link in the chain: the endpoint and the employee’s PC. In 2021, the Postal and Communications Police (CNAIPIC) managed 5,434 significant cyberattacks, with 110,524 security alerts and an average of 15 attacks per day against the IT services of institutions, critical IT infrastructures of national interest, sensitive infrastructure of regional interest and large companies. The manufacturing sector also saw a significant rise in cyber events (18%). Many attacks had an organized crime dimension attributable to well-structured partnerships, often operating on a transnational level. CNAIPIC mostly engages in cyber events that include malware attacks, especially ransomware attacks, phishing, and advanced persistent threat (APT) campaigns.

Leading Sub-Sectors

Malware and botnet events compromised 58% more servers in 2021. Larger companies turned to tools such as firewalls or virtual private networks (VPN) to raise protection levels, providing employees with remote access to corporate VPNs while augmenting perimeter protection. About 60% of large organizations are expected to increase their IT security budgets this year. Infection penetration has also become relevant in mobile, with the FluBot malware infecting mainly Android devices. The primary sectors targeted include finance, insurance, and public administration (PA).

Large-company investments drive the Italian market for cybersecurity. The manufacturing sector provides the largest investments in Industry 4.0 and in artificial intelligence (AI) technologies used by 45% of large companies with forecasts for continued growth. The financial/banking and utility sectors are the main end-users of IT security, followed by the defense, public (national and local), manufacturing, transportation, and telecommunication sectors.

More than 50% of small and medium-sized enterprises (SMEs) are unprepared to face increasing threats. One in five companies lack a specific investment plan for IT security or only allocate resources as needed. Small firm managers perceive security as a cost rather than an investment and tend to show resistance in approving IT security expenditures. As this mindset slowly changes, sector analysts expect increased SME investments. Medium-sized companies and (to a lesser extent) small companies are increasingly choosing to invest in cybersecurity, often opting for advanced cloud security solutions.

Opportunities

Top market drivers include increased IT security awareness and enforcement of new government measures, while challenges include the increased sophistication of cyberattacks, a complex regulatory landscape, and the need to reduce a highly fragmentated IT security infrastructure. Strong opportunities exist in the software, hardware, and service areas, including cloud and mobile security, identity management, and endpoint solutions.

Cybersecurity is a key element in Italy’s digital transformation strategy. Government measures are being put in place to boost efforts to counter cyber risks. The National Cybersecurity Authority (ACN) was established in June 2021 to protect the national cyberspace. The agency promotes a coherent regulatory framework in the sector, and exercises inspection and sanction functions. ACN ensures the implementation of Italy’s first-ever cybersecurity strategy announced in May of this year, which outlines the country’s digital roadmap. Security and innovation are priorities of the plan, which seeks to implement over 80 measures by 2026, some via public-private partnership.

ACN will oversee the creation of a unified cloud computing infrastructure, a $2.5 billion project, to increase security for PA data storage. The consortium TIM-Leonardo-Cassa Depositi e Presiti-Sogei, which is partnering with Microsoft, won the tender for the project in June 2022. The NRRP deadline for the creation of the national cloud is the end of 2022.The goal is to have 75% of the Italian administration using cloud services by 2026.

The National Cybersecurity Perimeter Law ensures a high level of security for networks, IT systems, and services used by government agencies, PA, state-owned entities, and private companies that exercise an essential function of the state or services fundamental to the country’s interests and national security. It also provides the framework for providers of IT products and services that must meet certain requirements, such as data localization. The law also provides a legislative amendment on foreign investments in certain strategic sectors.

The certification of cloud computing services (SaaS, PaaS, and IaaS) for use by the PA is the responsibility of the Agency for Digital Italy (AGID). All firms, domestic and foreign, may register on the eProcurement Platform to begin the qualification process and proceed to operate on the electronic marketplace of the PA (MePA). U.S. companies should ensure that they meet all requirements, such as having a legal entity or legal representative entrusted with the power to act on its behalf. In-country legal representatives may register. A helpful guide in English is available, providing details on the qualification process. Important requirements include the use of a digital signature and certified email (PEC). Questions about the status of pending registrations may be emailed to qualificazioni-cloud@agid.gov.it.

Relevant PA acquisitions which exceed thresholds are carried out via public procurement tenders published on the EU’s Tenders Electronic Daily (TED). For information on public procurement in the EU, see the relevant section of the Country Commercial Guide for the European Union.

Resources

Italian National Cybersecurity Authority (ACN)

Agency for Digital Italy (AGID)

Electronic Marketplace of the PA (MePA)

Italian Official Gazette (public tenders)

Cybertech Europe (October 3–4, 2023, Rome)

U.S. Commercial Service Italy:

Maria Calabria, Commercial Specialist

U.S. Commercial Service, U.S. Embassy Rome

Tel: +39 06 4674 2427

E-mail: maria.calabria@trade.gov