Italy - Country Commercial Guide

This is a best prospect industry sector for this country. Includes a market overview and trade data.

Last published date: 2021-10-29


According to the Italian Cybersecurity Association (CLUSIT):, the Italian cybersecurity market registered in 2020 a 4% increase with a total investment spending of $1.7 billion. Remote working led to twice as many attacks on PCs, as cyber criminals shifted their focus to the weakest point in the chain: the endpoint and the employee’s PC. The risks associated with cyberattacks pushed larger companies to raise protection levels with tools such as firewalls or virtual private networks (VPN), providing employees with remote access to corporate VPNs and simultaneously augmenting perimeter protection.

Data collected by the Postal and Communications Police (CNAIPIC) shows that cyberattacks increased by 246 % in [INSERT CALENDAR YEAR] and have an organized crime dimension attributable to well-structured partnerships, often operating on a transnational level. CNAIPIC has mostly engaged with cyber events that include malware attacks, especially ransomware attacks, phishing, and advanced persistent threat (APT) campaigns. Ministries and health organizations involved in treating COVID-19 patients have been subject to phishing and APT campaigns with the objective of capturing confidential information regarding the progress of the pandemic and vaccine and anti-COVID therapies development. Last year there was also a notable rise in financial crimes that resulted from massive phishing campaigns.

Large company investments primarily drive the Italian market for cybersecurity. The manufacturing sector provides the largest investments in Industry 4.0 and in artificial intelligence (AI) technologies, which are used by 45% of large companies with forecasts for continued growth. The financial/banking and utilities sectors are the main end-users of ICT security, followed by defense, national and local governments, manufacturing, transportation, and telecommunications sectors. 

More than 50% of small- and medium-sized enterprises (SME) are unprepared to face the increasing threats. One in five companies lack a specific investment plan for information security or only allocates resources in the case of need. Small firm managers perceive security as a cost rather than an investment and tend to show resistance in approving IT security expenditures. As this mindset slowly changes, sector analysts expect increased SME investments. Medium-size companies and (to a lesser extent) small companies are increasingly choosing to invest in cybersecurity, often opting for advanced cloud security solutions. 

Government measures are being put in place to boost efforts to counter cyber risks, which includes Law No. 133/2019 which establishes the National Cyber Security Perimeter as well as the legislation amendment on foreign investments in certain strategic sectors. Law 133 ensures a high level of security for networks, IT systems, and services utilized by government agencies, public administration, state-owned entities, and private companies that exercise an essential function of the state or services that are fundamental for the country’s interests and national security. It also provides the framework for providers of IT products and services that must meet certain requirements, such as data localization.

Other important developments include the creation of a new national agency responsible for fighting cyberattacks, and the creation of a unified cloud infrastructure to increase security for public administration data storage. The cloud project requires about $1.1 million in investment from the EU. Italy intends to create the cloud infrastructure through a public-private partnership and will be implemented by a European tender. In May 2021, the Minister of Innovation announced that the project will also involve overseas tech companies.

Top market drivers include increased IT security awareness and enforcement of new government measures, while challenges include countering increased sophistication of cyberattacks, tackling the growing regulatory complexity and reducing the fragmentation of IT and security infrastructures. Strong opportunities exist in the software, hardware, and service areas, including cloud and mobile security, identity management, and endpoint solutions.

Public Administrations make their most relevant purchases through public tenders published in the EU’s Tenders Electronic Daily (TED) ( For information on public procurement in the EU, visit the U.S. Mission to the European Union website (

U.S. Commercial Service Contact:
Maria Calabria, Commercial Specialist
U.S. Commercial Service, U.S. Embassy Rome
Tel: +39 06 4674-2427