The Covid-19 pandemic and consequent lockdowns have obliged companies to face new challenges such as smart working, remote work and digitalization, accelerating all previous eforts in that direction. As reported by Gartner [ 1 ], most organizations were already moving their digital agenda forward at a steady pace, but the Covid-19 pandemic required a significant leap in the development of digital products and services, with the goal of maintaining and fostering customer engagement. However, digitalization has generated many cybersecurity issues and the intensification of cyberattacks all around the world [ 2, 3 ]. In this scenario, Italy is an interesting case study since it is home of mostly small to medium enterprises (SMEs), active in diferent sectors, and can consequently highlight cybersecurity aspects that are diferent from those faced by larger companies of greater influence. This paper presents the status of the Italian scenario, to understand how cyberattacks and cybersecurity have fared during the ongoing COVID-19 pandemic. Section 2 presents the Digital Attacks Observatory, a survey that we have used to collect relevant information about cybersecurity and Italian organizations. Sections 3 and 4 report a detailed discussion of the collected data and observed trends. Finally, Section 5 concludes by underlying the importance of a cybersecurity culture focused on the Italian reality.

The Digital Attacks Observatory (OAD) [ 4 ] is the only independent online survey in Italy about intentional digital attacks on IT systems of companies and public bodies. It is implemented in collaboration with the Italian Postal and Telecommunication Police. The last OAD 2020 was the twelfth year of consecutive surveys on cyberattacks in Italy. The OAD survey is not directed at a predefined set of respondents, but allows potential interested parties to have full and free access to an online questionnaire, in a totally anonymous way. The survey has collected responses from 310 enterprises in 2020, in comparison to 296 and 2019 and 269 in 2018. Thanks to the number of responses collected and their balanced distribution between companies and public bodies of diferent size, belonging to diferent economic sectors, and diferent geographical areas, we can provide now a specific picture of the cyberattacks in Italy. 2.1. The Questionnaires About half of the OAD questionnaires refer to the occurred cyberattack typologies and their main characteristics. The other half refers to the technical and organizational security measures implemented on the IT systems of the respondents. Therefore, OAD allows one to match the cyberattacks to the cyber-measures in each production IT system considered. In fact, OAD provides a qualitative macro-evaluation of the implemented measures (within the specific context of the company), in order to motivate the anonymous respondents to complete the questionnaires. In particular, the security measures considered in the 2020 questionnaire were subdivided in technical, organizational, managerial and governamental, as follow: 2.2. Overview from 2019 to 1Q-2020 The OAD 2020 survey 1 [ 5 ] took place during the Covid-19 pandemic and covered the entire 2019 and the first quarter of 2020, when the pandemic exploded in Italy. The comparison of data 1The report is written in Italian, only the Executive Summary is in English: 186 A4 pages, 148 images and graphics, 11 Chapters (147 A4 pages) and 9 Attachments (39 A4 pages). from 2019 to that from the first quarter of 2020, provided by the same set of respondents, has statistical relevance and provides a clear indication of the Covid-19 pandemic on the intentional cyberattacks in Italy. This pandemic has triggered a wide range of cyberattacks, mainly caused by the sudden, and partly unexpected, passage to working from home and to a strong use of every type of IT service on the Internet, as a consequence of the mobility lockdowns imposed by the Italian authorities. The resulting respondents pool covers all the production sectors (Fig. 1), including public administration, even if the majority of the respondents companies belong to the ICT sector (30.8%). However, many of them are represented by low percentages. For this reason, missing suficiently representative samples, we have not performed a particular data analysis and correlations by sectors. The 2020 pool is well balanced for the size of the organizations, in terms of employees, between those below 250 and the largest ones. It must be taken into account, as reported by ISTAT [ 6 ], that 99.91% of enterprises in Italy are SMEs, with up to 250 employees, and 95% have fewer than ten employees. The OAD 2020 survey is therefore able to consider small and tiny organizations, that are the vast majority in Italy, and that usually are not considered in other cybersecurity surveys: 57.5% of the OAD 2020 respondents belong to structures with less than 250 employees and, of these, 22.1% have fewer than ten employees. The distribution of annual respondents’ turnover also reflects the turnover of SMEs, as shown in Fig. 2. Regarding geographical distribution (Fig. 3), the respondents’ companies and organizations are mostly located in the Italian territory (77.9%), predominantly in northern Italy (43.3%).

The data collected in the OAD 2020 show, in general, that the respondents have, for the most part, a good perception of the cybersecurity of their IT systems (Fig. 4). This information can be explained from the fact that: • About 30% of respondents are in the ICT sector, therefore their IT systems are managed with some cybersecurity literacy and can properly react to cyberattacks, preventing them or minimizing their efects. • In general, cybercriminals do not waste time and resources to attack small businesses, where they can only obtain a marginal profit and still take the risk of being caught by the police. As confirmed by the trends shown in Fig. 6 and Fig. 7, attackers target the larger companies most, because the illegal gain is more interesting in that case.

The chart in Fig. 5 analyzes the trend of cyberattacks. The figure shows that, from 2007 to 2015, in average, about 40% of the respondents reported cyberattacks (leftmost full red line). Since 2015, the trend increased to 45% of the respondents (rightmost full red line). In 2018, OAD reached the peak of reported attacks and, for the first time, the percent of reported attacks became larger than that percent of companies that did not report any attack. After the peak in 2018, year 2019 has a lower figure and the same occurs in the first quarter of 2020. The trend for full 2020 will be discovered with the currently ongoing OAD survey. This view, over several years, does not show significant changes, not even inside the pandemic period, but shows only a slight increase in cyberattacks in the recent years, not necessarily attributable to the pandemic crisis. One could wonder why the percentages in Fig. 5 are lower than what the reader would have expected, given the numerous cyber attacks occurred in Italy. As already discussed at the beginning of this section, the main reason seems the size of the Italian companies.

The comparison between the whole 2019 and the first quarter of 2020 in Fig. 6 maintains the same logical trend. The only meaningful diference is in the number of attacks reported by the smallest organizations (up to ten employees): they were 0% in 2019 and grow up to 22,2% at the beginning of 2020 (see the red arrow in Fig. 6). Such a strong increase follows from the extensive use of e-banking and e-commerce services, with the related cyberattacks.

Regarding the geographical distribution of attacks, Table. 1 shows that occasional attacks were evenly distributed throughout the territory in 2019, with systematic attacks focused on northern Italy (where the companies with the highest turnover are present). While Table. 2 shows that, already in the first months of 2020, there were several attacks.

The impact of the pandemic on the cybersecurity in Italy is also highlighted by the data provided by the Italian Postal and Telecommunication Police, that shows the situation for the critical infrastructures (Table 3), for the financial cyber-crimes (Table 4) and for the cyberterrorism (Table 5). Fraudulent transactions were blocked in all Italy in 2019 for a total value of e21.3 million and e18 million were recovered; in the first quarter of 2020, fraudulent transactions for e20.2 million were blocked, practically reaching in four months the amount blocked in the full twelve months of 2019, and e8 million have been recovered. This is an indication of the increase in attacks on financial transactions and services due to the very large use of these online services, caused by the mobility reduction measures consequent of the Covid-19 pandemic.

In the pandemic period, between 2019 and the first quarter of 2020, the nature of the attacks and their vectors were quite diversified. The attacks on IAA that aimed at access control systems are widespread, since they amount to 28.2% of the total attacks of 2019 and to 34% of the total attacks in the first quarter of 2020 (Fig. 8).

The other 14 types of attacks follow, decreasing by a few percent points between them, whose characteristics and impacts are detailed in the related paragraphs of the OAD 2020 report. Regarding attack vectors and techniques, all the seven attack families considered in the 2020 questionnaire are widely used in the various types of attacks, sometime even simultaneously, as shown in Fig. 9. The trend in Fig. 9 is also in line with most European reports, such as that of the European Network and Information Security Agency (ENISA) [ 7 ]. The most widespread one, in the average of the various attacks detected by the respondents, is the use of toolkits (rootkits, meta-exploits, etc.) for the identification and exploitation of vulnerabilities on the target system, with 38.8%, followed by the well-known malicious and unauthorized collection of information (social engineering, phishing, etc.), with 34.6%, and the use of malicious code and scripts, with 34.3%. The other considered techniques decrease, with a few percent points between them. The impacts of the most critical attacks are analyzed, for each attack type, as well as their possible motivations and the recovery time required by the most critical ones. In the 2020 OAD survey, all these attack characteristics vary for each type of attack, and the emerged results are described in the specific paragraphs dedicated to each attack type. In the overall, it emerges that: • the impacts declared by the respondents are balanced between those irrelevant and/or easily resolvable with a quick recovery and at limited costs, and those very critical, that require expensive and long recovery actions and that, in some cases, can cause business and customer losses. These two very diferent impact cases depend mainly on the security Geographic area Northern Italy Central Italy Southern Italy and islands Throughout Italy Throughout Italy and Europe Throughout Italy and abroad (also outside Europe) percentages of central Italy are very diferent from the others because the organizations responding from that geographical area were much fewer than the rest of the survey participant (Fig.3).

Geographic area Northern Italy Central Italy Southern Italy and islands Throughout Italy Throughout Italy and Europe Throughout Italy and abroad (also outside Europe)

Occasional cyber attacks Frequent and repeated cyber attacks Never detected cyber attacks (few dozen) (hundreds or more) 5,8% 6,3% 87,9% 0,0% 0,0% 100,0% 0,0% 0,0% 100,0% 30,3% 0,0% 69,7% 0,0% 0,0% 100,0% 28,8% 0,0% 71,2% Distribution of digital attacks (detected by the respondents) wrt. geographical area, in 1Q-2020.

Critical structure protection 1 Jan - 30 Apr 1 Jan - 31 Dec 1 Jan - 31 Dec 1 Jan - 31 Dec 1 Jan - 31 Dec 2020 282 • the motivations of the cyberattacks are mainly economic, such as fraud and blackmailing: the widespread difusion of ransomware in Italy is a clear confirmation of these As pointed out in Fig. 4, the IT systems considered in the 2020 survey and their cybersecurity are in the medium to high range and the collected information shows a relevant improvement in both technical and organizational measures, in comparison to the previous surveys. Few of the considered Italian IT systems are based on data centers in Italy: most of the respondents’ companies have medium to small IT systems partly on premise and partly outsourced, with an increasing use of cloud services. The high number of attacks detected in 2018, and the privacy obligations related to the European General Data Protection Regulation (GDPR), have certainly contributed to strengthening cybersecurity measures, and a further improvement comes from the growing use of cloud services, where high standard security measures are in place, usually. Organizational measures for cybersecurity, historically missing and neglected in Italy, have improved in terms of definition of roles and separation of duties, of organizational policies and procedures, and of incident management. These measures often are missing in small organizations, and in general the cybersecurity awareness and competence are low, and mainly concentrated at the top level of the public and private organizations. In Italy, there is still a long way to go in terms of cybersecurity continued training and awareness. A formal and bureaucratic approach to the organizational procedures is still prevalent. Once defined, such procedures often do not find concrete application and misses periodic updates and operational tests. A significant example is the disaster recovery plans, for which, typically, the required alternative IT resources are neither forecast nor allocated. Periodic exercises and simulations of the possible disasters are not implemented. Cybersecurity management tools have limited difusion yet, among the 2020 OAD respondents. This is particularly true for the most advanced ones, based on artificial intelligence. Although the use of IoT [ 8 ], industrial automation, robotics systems [ 9 ] and systems based on blockchain technology [ 10 ] are expanding and can contribute to fight the Covid-19 pandemic. In the OAD 2020 report, one finds only a few respondents involved in such technologies, which also derives from the limited portion of their economic sector, interested in such systems: the manufacturing sectors, the logistics, the research and development centers and labs, the local public administration for territorial control, and so on.

The OAD 2020 survey highlights the presence of cyberattacks of various types in Italy, all technically of an high complexity and sophistication, with a slight increase compared to the trend that emerged in the twelve years of the previous OAD surveys, but still below the peak of 2018. Despite the proliferation of cyberattacks related to the Covid-19 pandemic, in the first four months of 2020 the widespread of attacks is at a level similar to that of 2019. This will be better verified with the next OAD 2021. The Italian reality, made up of a very large number of small and tiny organizations, does not make our country very attractive to cybercriminals, but cyber-warfare and massive attacks represent a growing and serious risk, as has already occurred with the widespread of ransomware on computer systems with no or low measures of cybersecurity. The OAD 2020 shows a clear improvement and strengthening of digital security measures, both technical and organizational, even if the most modern prevention, protection and management systems that use artificial intelligence techniques are still in their infancy among the respondents. The defense measures and techniques in use fight the increasingly sophisticated and smart evolution of attacks, but often too late. The high density of vulnerabilities requires diferent approaches, aiming at making all IT systems interconnected to the Internet and safe, by default and by design. However, we are still a long way from this goal. In order to improve the actual fight against continuous attacks and cybercrime, it is currently necessary to increase awareness on cybersecurity and skills at all levels. It is also paramount to support an efective collaboration between police bodies at the international level.