AI and Geopolitics Are Accelerating Cyber Threats

The cybersecurity report, produced by the Cyber Security Foundation and TIM, highlights that AI accelerates cybersecurity threats. However, it also offers new capabilities for analysis and defense.

In 2025, ransomware attacks totalled more than 7,400 claims worldwide, up 42% on 2024, while in Italy there were 166 cases, an increase of 14%. Around 4 out of 10 incidents recorded in Italy were concentrated in the north-west of the country, with Lombardy accounting for more than 30% of the national total. The report also uncovers a positive trend: growing awareness and cooperation among institutions, businesses and the technical community now represent a key lever for turning threat analysis into concrete prevention, response and resilience capabilities.

At the root of ransomware’s acceleration lies a process of cybercrime industrialization, fueled by an increasingly unstable international context in which cyberattacks are ever more closely intertwined with dynamics of geopolitical pressure and strategic competition. In this scenario, AI plays a dual role: it is used to automate the production of malicious code and refine social engineering techniques, but it is also becoming an increasingly important lever to strengthen prevention, analysis, and response capabilities.

On the DDoS front, the report highlights around 4,300 events, down 36% from 2024, also due to preventive measures put in place. The contraction in volumes, however, does not signal any easing of the threat. Attacks are less widespread but more targeted, persistent and concentrated on strategic targets, intending to maximize operational impact. Campaigns were in fact more concentrated, with a 19% increase in average exposure time.

Excluding attacks against families and citizens, which account for around 7 out of 10 cases detected by TIM’s SOC, the Government sector rose to 46% of the total, followed by professional services, telecommunications and transport. Overall pressure, therefore, is not decreasing; it is changing shape and increasingly focusing on entities and services of high systemic relevance.

Ransomware confirms a sharp global acceleration, with almost one in two incidents occurring in the US, whilst the EU is the second most affected region, accounting for 16% of cases. The sharpest increases recorded across various European regions have reshaped the ranking of the most affected countries. Germany has overtaken the UK, whilst Italy has dropped to fourth place. Manufacturing and professional services were the sectors hardest hit, confirming how industrial density, operational continuity and reputational pressure are significant exposure factors.

The document also focuses on malware campaigns, which in 2025 affected entities in around 200 countries, and on the growth of known vulnerabilities, which reached almost 48,500, up 20% compared with 2024. The report also includes a focus on zero-days, flaws not yet known to vendors and therefore without patches, which can become tools for markets, espionage or strategic cyber operations. In this context, AI emerges as a threat multiplier, capable of accelerating phishing, fraud, abuse of cloud services and manipulation, but also as a potential defensive lever for triage activities, vulnerability analysis and support for Security Operations Centers.