Italy's 2025 cybercrime report reveals a nation under digital siege

The numbers behind Italy’s cyber battle

The Polizia Postale e per la Sicurezza Cibernetica has released its annual report for 2025, offering a comprehensive snapshot of cybercrime trends in Italy. The figures paint a complex picture: 51,560 cases handled, 293 arrests, and 7,590 individuals placed under investigation. These numbers reflect a law enforcement apparatus working at full capacity, but they also raise questions about the broader state of digital security in the country. The report consolidates data through December 21, 2025, and provides insight into how Italian authorities are responding to an increasingly sophisticated threat landscape.

Financial cybercrime dominates the statistics, with 27,085 cases representing more than half of all incidents handled. This category encompasses everything from phishing campaigns targeting individual bank accounts to elaborate Business Email Compromise schemes aimed at corporations. The sheer volume suggests that online fraud has become normalized rather than exceptional, a troubling indicator for a country whose small and medium enterprises form the backbone of its economy.

What stands out is the gap between cases and consequences. While investigators reported nearly 7,600 people to judicial authorities, only 293 were arrested. This disparity is not necessarily a failure of enforcement, it may reflect the jurisdictional complexity of cybercrime, where perpetrators often operate from countries with limited extradition agreements. Still, it underscores the structural challenge facing any national cybercrime unit: digital criminals exploit borderless infrastructure while law enforcement remains constrained by territorial boundaries.

Critical infrastructure faces persistent pressure

The CNAIPIC (Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche) registered 9,250 cyberattacks against critical infrastructure in 2025, issuing more than 49,000 security alerts throughout the year. These figures mark a 22 percent decrease from the 2023 peak of 11,930 attacks, a year when geopolitical tensions related to the conflict in Ukraine drove a surge in both state-sponsored and hacktivist activity.

The reduction could be interpreted optimistically, as evidence that defensive measures are working, but a closer reading suggests caution. The report notes that hybrid threats linked to international tensions continue to have domestic security implications, meaning the attack surface has not shrunk, even if the raw count has. The CNAIPIC’s role during high-profile events like the Jubilee celebrations, where dedicated war rooms provided rapid threat containment, demonstrates that reactive capability is improving. Whether proactive resilience is keeping pace is less clear.

The ENISA Threat Landscape provides useful context here. Across Europe, ransomware and supply chain attacks remain the dominant concerns, and Italy is not immune. The CNAIPIC handled 47 international cooperation requests in 2025, a modest number that may reflect either the localized nature of incidents or limitations in cross-border information sharing. For a country with significant exposure to Mediterranean and Eastern European threat actors, the latter possibility deserves scrutiny.

Protecting minors in a hostile digital environment

The Centro Nazionale Contrasto Pedopornografia Online (CNCPO) handled 2,574 cases involving child exploitation material and grooming, resulting in 222 arrests. Investigators monitored over 16,500 websites for child sexual abuse material and added 2,876 domains to the national blacklist. These numbers reflect a relentless operational tempo, but they also reveal the scale of a problem that technology alone cannot solve.

The report highlights intensified activity on dark web platforms and encrypted messaging services, where predators exploit anonymity to evade detection. This is consistent with global trends documented by organizations like the Internet Watch Foundation, which has repeatedly warned that self-generated imagery involving minors is accelerating, driven partly by social media dynamics that encourage oversharing among young users.

Beyond exploitation material, the Sezione Operativa (Operational Section) investigated 1,298 individuals for crimes against persons, with 477 cases triggering “Codice Rosso” procedures, a fast-track protocol for crimes involving violence against women. The report notes that stalking and revenge pornography cases disproportionately affect women, a pattern that mirrors findings from European Institute for Gender Equality research on cyber violence. The intersection of gender-based violence and digital platforms is no longer a niche concern; it is a mainstream enforcement priority.

AI and the evolution of sophisticated fraud

Perhaps the most forward-looking section of the report addresses the role of artificial intelligence in financial crime. Investigators observed a marked increase in scams leveraging deepfake technology, where synthetic video or audio is used to impersonate executives, family members, or trusted contacts. These attacks bypass traditional verification methods because they exploit human trust rather than technical vulnerabilities.

The 4,489 individuals investigated for financial cybercrime represent just the visible portion of this ecosystem. Behind each case are likely dozens of unreported incidents, victims too embarrassed to come forward or unaware they have been deceived. The growing complexity of AI-enabled fraud is pushing authorities toward new criminal offense classifications, a legislative process that historically lags far behind technological change.

The Commissariato di P.S. Online, which serves as the public-facing platform for reporting and prevention, recorded over 5.2 million website visits and handled 94,000 reports ranging from phishing attempts to social media harassment. The educational outreach effort reached 324,702 students across 4,309 schools, an investment in digital literacy that may pay dividends over the coming decade. Whether it will be enough to counter the accelerating sophistication of threat actors is an open question.

Beyond the statistics: what the report does not say

Every institutional report is also a document of omission, shaped by what authorities choose to emphasize and what they leave in shadow. The 2025 Polizia Postale report excels at quantifying activity (cases, arrests, alerts, website visits) but offers less insight into outcomes. How many of the 27,085 financial crime cases resulted in asset recovery? What percentage of the 7,590 reported individuals were ultimately prosecuted? How effective are the 2,876 blacklisted domains when determined operators can register new ones in minutes?

These are not rhetorical criticisms but genuine analytical gaps that future reporting could address. The report’s emphasis on awards received, including recognition at the World Police Summit in Dubai for an educational comic book project, suggests an institution proud of its visibility but perhaps less focused on demonstrating measurable impact.

The underlying challenge is structural. The Polizia Postale operates within a European regulatory environment increasingly shaped by directives like NIS2, which emphasizes resilience and incident reporting but cannot, by itself, close the capability gap between well-resourced attackers and overstretched defenders. The report acknowledges the rise of hybrid threats and AI-enabled crime, yet offers little detail on how resource allocation is evolving to meet these challenges.

What remains clear is that Italy faces a cybersecurity landscape where volume of activity is not the same as effectiveness, and where institutional effort, however substantial, must be measured against adversaries who operate with fewer constraints and greater agility. The 2025 report is a valuable data point, but the real test will be whether future editions show not just how much the Polizia Postale is doing, but how much that work is actually changing the trajectory of digital crime in the country.