All News

Cyber

Global Cybersecurity Index 2024: Italy among the best in the world in cybersecurity

03 February 2025

The fifth edition of Global Cybersecurity Index (GCI), published by the International Telecommunication Union (ITU), a UN agency specialized in ICT, offers an updated look at the state of global cybersecurity, evaluating the commitment of 194 countries in this area. Since GCI 2024, Italy has emerged as one of the best countries in the world of cybersecurity, showing how, with the right combination of regulations, skills and strategic vision, first-level security standards can be achieved.

What is the Global Cybersecurity Index

The Global Cybersecurity Index is a periodic report by the ITU, launched in 2015, that measures the degree of commitment and preparation for cyber security in each country. Each edition collects data through national questionnaires and assigns an overall score out of 100 to each country, based on five evaluation pillars. The goal is to provide a comparative framework to identify strengths and areas for improvement, guiding policies and investments in digital security. In GCI 2024, 194 countries were involved, making the last edition the most attended ever. Compared to previous versions, this edition introduces important methodological innovations, in particular a tier (level) assessment approach instead of a pure numerical ranking.

I Five Pillars of Cyber Security evaluated by the GCI:

  • Legal measures: regulatory framework on cybercrime, data protection and privacy, including laws to prosecute cybercrimes and regulations that effectively protect personal information (e.g. obligation to report violations).
  • Technical measures: technological capabilities and operational certifications put in place to face threats. This includes the presence of a national CERT/CSIRT active for the management of incidents and the adoption of safety standards in the various sectors.
  • Organizational measures: coordination strategies and structures at country level. For example, it evaluates the existence of an updated national cybersecurity strategy, of government agencies dedicated to its implementation and of programs such as the protection of minors online.
  • Capacity development (capacity building): training, education and awareness initiatives to increase skills and awareness on cybersecurity. It includes public awareness campaigns, the inclusion of cybersecurity in school curricula and incentives to grow experts in the field.
  • Cooperation: national and international collaborations to address cyber risks.

Having carried out an assessment based on the above-mentioned pillars, for the first time, The GCI does not limit itself to drawing up a ranking from the first to the last, but divides countries into five performance groups (Tier 1-5) based on the score, where Tier 1 (score 95—100) represents the most virtuous and advanced countries — considered “role-models” — while Tier 5 (score <20) includes the nations at the beginning of the journey. This level system allows countries to deal with similar peers and to more easily identify models to follow from which to learn best practices. In addition, it highlights that in every region of the world, leading states and lagging states coexist, encouraging the sharing of experiences: each geographical area presents both examples of excellence (Tier 1) and countries that have yet to develop basic capacities (Tier 4—5).

A look at the global landscape

The picture that emerged from GCI 2024 It is one of progressive global improvement, but with marked differences between areas and nations. On average, the overall world score rose to 65.7 out of 100, marking a significant increase (+27% compared to 2020).

The level of preparation, as expected, varies depending on the pillar considered. In general, countries achieve the best results in the legal field, thanks to the widespread dissemination of laws on cybercrime and data protection. On the contrary, average scores tend to be lower in the technical pillars and of Capacity building, a sign of a significant struggle to equip themselves with advanced technical skills and sufficient training programs. Almost everyone has adopted at least one national cybersecurity regulation; on the other hand, only a few have established a fully active national incident response team and only 83 countries are involved in any regional association between these teams (to coordinate at a supranational level). On the organizational front, 132 governments have developed a national cybersecurity strategy and 161 have created a dedicated government agency — just think of the cyber agencies established in recent years in many states. Instead, they remain gap in capacity building.

Italy's position in GCI 2024

Italy appears in the Global Cybersecurity Index 2024 as one of the countries at the top of the world. In fact, our country falls into Tier 1 (the highest end) thanks to a very high overall score - practically the maximum, 100/100 according to reports - thus making it one of the global models in the field of cyber security. The ITU, in its report, defines Italy as a”Model country for its cybersecurity posture”: in other words, the Italian level of preparation is promoted with flying colors.

Based on the ITU report, Italian excellence is the result of a series of strengths distributed across each pillar:

  • Legislation and strategies: Italy now has a robust regulatory framework on cybersecurity and cybercrime.
  • Technical and operational skills: Italy has developed considerable technical capabilities to deal with digital threats. In particular, it has the presence of a national CSIRT (Computer Security Incident Response Team) operating 24 hours a day to manage and coordinate the response to computer incidents. Since 2022, CSIRT Italia has been incorporated into the National Cyber Security Agency (ACN), the new central authority created precisely with the task of strengthening national cyber security. Under the ACN, rapid alert and cyber crisis management structures have been unified and strengthened, making the response to possible attacks more efficient. In addition to the national team, Italy has promoted the creation of sectoral CERTs and dedicated defense structures in critical areas (such as finance, energy, public administration), raising the level of protection in the various sectors.
  • Organizational structure: a key element of Italian success is having established dedicated bodies and clear governmental coordination mechanisms on cybersecurity.
  • Skills development and awareness: Italy has increasingly invested in the development of human capacities in the cyber field. The GCI recognizes the country's training and awareness-raising efforts, for example through cybersecurity education programs and initiatives aimed at creating specialized skills. In recent years, many dedicated academic courses have been created (cyber security has entered the curricula of degrees and masters at various universities) and projects to discover and train young talents (such as the CyberChallenge.it program aimed at students). These efforts, while still evolving, indicate the desire to bridge the skills gap and create a widespread culture of cybersecurity in the country.
  • National and international cooperation: Italy's top position is also due to the extensive collaboration activated both within borders and abroad.

Despite this very positive profile, recognition as a Tier 1 country does not mean that Italy's work is finished — on the contrary, it involves responsibility and new challenges. As an advanced nation, in fact, Italy must now keep its attention high and consolidate what has been built. A first crucial area is the concrete implementation of all planned measures: having laws, strategies and structures is essential, but it is necessary to ensure that they work effectively in daily practice. It will be important, for example, to fully implement the National Strategy through annual operating plans, to periodically check the progress of the initiatives and to correct any delays. Another The area of improvement is to permanently fill the shortage of qualified professionals: like many countries, Italy also suffers from a shortage of cybersecurity experts compared to growing demand. Continue to invest in specialized training, certifications and professional paths in cyber It will be essential to provide both the public and private sectors with the human resources necessary to face increasingly sophisticated threats. Similarly, it will be necessary to expand the culture of safety at all levels:

Today, large companies and central governments have developed a fair amount of cyber awareness, but the fabric of SMEs and local authorities is still heterogeneous.

Finally, on the technological front, Italy will have to keep up with the evolution of threats: invest in innovation and constantly update its defenses.

The current cybersecurity challenges

Despite progress, the cyber landscape remains complex and constantly evolving. The GCI 2024 report highlights some key challenges that all countries are facing today:

  • Ransomware attacks on the rise: there is an explosion of ransomware attacks, in which criminals block systems and data asking for a ransom.
  • Data breaches and privacy protection: large scale data breaches are increasingly frequent and affect heterogeneous sectors, from school to finance; and, in addition to economic and reputational damage for victim organizations, these incidents fuel serious concerns about user privacy.
  • Gap between countries advanced and developing: there remains a marked disparity in the ability to deal with cyber threats between mature nations and emerging countries.
  • Rising economic costs of incidents: the damage caused by cyberattacks has reached record levels.
  • Risk of large scale interruptions: today's economy and society are critically dependent on continuously operating digital services. The report notes concern about recent episodes of outage (collapse of online systems or platforms) that have caused significant chain interruptions, for example affecting supply chains or air traffic.

Finally, it should be noted that another The often underestimated challenge is the effective implementation of existing policies and agreements. Many countries — including advanced ones — have signed numerous treaties and developed strategies on paper, but find it difficult to translate them into functioning operational mechanisms. The gap between theory and practice, between formal commitment and real skills, is a cross-cutting issue that GCI 2024 brings to the attention: Closing this implementation gap is essential to give substance to the progress measured by the index.

A constantly evolving path

Cybersecurity is confirmed to be a crucial global challenge. Threats such as ransomware continue to increase in frequency and impact, affecting not only companies but also governments and critical infrastructures (energy, transport, healthcare) and causing serious disruptions. At the same time, data breaches (data theft) are increasingly common, they generate an extremely onerous impact for companies and raise very strong concerns about privacy, prompting authorities to react.

The Global Cybersecurity Index 2024 shows us a world in motion: on the one hand, significant progress has been made in global cybersecurity, and on the other hand, the work to be done remains significant and urgent. The cyber threat continues to evolve hand in hand with digitalization, and with it, defenses must evolve. Even for advanced countries, having reached heights of excellence implies a constant commitment to maintain and raise safety standards, because new risks are always on the horizon. Keeping high attention on this issue is essential at all levels, be they political, economic or social. Cyber security must remain a shared strategic priority. Progress is possible, but it requires political will, targeted investment and cooperation.

The case of Italy, promoted to the highest score, indicates that with the right combination of regulations, technical skills, organizational vision, training and partnerships with companies specialized in intelligence and cyber security, excellent levels of security can be achieved.

Author:

Luca Marchesi

Share article
Download PDF

More articles

Find out more
Cyber security
Cyber risks

Cyber

Cybersecurity in healthcare: vulnerability assessment and testing

The digital transformation of healthcare has improved care thanks to advanced technologies, but it has also increased the IT risks associated with connected devices.

May 19, 2025
8 April 2025
Read More
Digital investigations
Forensic investigation
Cyber security

Digital Forensics

Digital Forensics: la chiave per scoprire violazioni e malware

Il ruolo della digital forensics è centrale non solo nell’analisi degli incidenti informatici, ma anche per individuare software malevoli nei dispositivi.

May 16, 2025
16 May 2025
Read More
Cyber security
Cyber risks
NIS2
Supply Chain Security

Compliance

Supply Chain Security and NIS2

With a structured approach to risk management, the NIS2 Directive imposes a strict supply chain security policy.

May 21, 2025
14 May 2025
Read More

Contact us

For information on our services, or to book an appointment, please contact us. We operate nationwide and internationally.

Contact
Argo S.p.A.
Via dei Gracchi 32,
00192 Roma (RM)
P.I. 15137521009
©0000
Services
Intelligence
Fraud Investigation
Digital Forensics
Cyber
Security
Compliance
Solutions
Company
Who we are
Contacts
LinkedIn
News & Insights
Argo S.p.a.
Via dei Gracchi 32, 00192 Rome (RM)
P.I. 15137521009
©0000
Privacy PolicyCookie PolicyCode of Ethics
Site by OFF+BRAND.