Winter Olympics Under Siege: Italy Faces a Surge of Cyber Attacks Amidst NIS2 Rollout
Subtitle: February 2026 saw a dramatic spike in cyber incidents across Italy, but Olympic events remained untouched by digital disruption.
As Italy basked in the global spotlight during the 2026 Milan-Cortina Winter Olympics, a different kind of contest was unfolding behind the scenes: a race against an unprecedented wave of cyber threats. According to the National Cybersecurity Agency (ACN), February witnessed a staggering 60% increase in reported cyber incidents compared to January, raising alarms across both public and private sectors. But what fueled this digital onslaught-and how did Italy’s cyber defenses hold the line during one of its most high-profile months?
Fast Facts
- Cyber incidents in Italy rose by 60% in February 2026 compared to January.
- 436 cyber events and 174 confirmed incidents were recorded by the ACN.
- No cyber attack disrupted Olympic competitions or essential services.
- Manufacturing, technology, and local public administration were the hardest-hit sectors.
- Major attack vectors included phishing, compromised credentials, and unpatched vulnerabilities.
The Anatomy of a Spike: Why Did Cyber Threats Soar?
The dramatic rise in cyber incidents wasn’t just a product of opportunistic hackers. February marked the enforcement of the NIS2 Directive, which expanded the range of organizations required to report digital threats. This regulatory shift, combined with the heightened attention around the Winter Olympics, created a perfect storm for incident visibility. The ACN attributes much of the spike to this broadened reporting-but the volume and diversity of attacks suggest more than just better bookkeeping.
Sector analysis reveals that manufacturing firms faced relentless phishing campaigns and data exposures, technology companies grappled with credential-based intrusions and email account compromises, while local public administrations endured waves of DDoS attacks. Ransomware continued its reign, with attackers exploiting weak remote access configurations and previously compromised credentials. Of the ransomware assaults, 14% targeted critical entities, 38% hit medium-criticality organizations, and the remaining 48% affected less vital targets.
The Olympics: High Stakes, No Disruption
Despite the cyber turmoil, the Milan-Cortina Olympic Games proceeded without a hitch. The ACN confirmed that no digital incident impacted competition integrity or essential Olympic services, a testament to the resilience of Italy’s cyber defenses during a period of global scrutiny. Still, the threat landscape was anything but quiet: 19 public ransomware claims and 46 DDoS attack assertions surfaced in open sources against Italian targets.
Vulnerabilities and Proactive Defense
With 4,807 new software vulnerabilities (CVEs) published in February-over a thousand accompanied by proof-of-concept exploit code-the attack surface remained vast. The Italian CSIRT issued 868 proactive alerts about exposed and vulnerable services, and flagged 12 potentially compromised institutional accounts linked to infostealer malware. In total, over 4,600 direct advisories were sent to public agencies and businesses, underscoring the relentless pace of cyber risk management.
Conclusion: A New Era of Threat and Vigilance
Italy’s February cyber surge serves as a stark reminder: regulatory change and global events can dramatically reshape the threat landscape, exposing weaknesses and testing defensive readiness. While the Olympics escaped unscathed, the underlying data signals a persistent, evolving digital battleground-one where vigilance, rapid response, and cross-sector cooperation are non-negotiable.
WIKICROOK
- NIS2 Directive: The NIS2 Directive is an EU law requiring critical sectors and their suppliers to strengthen cybersecurity and report serious cyber incidents.
- DDoS Attack: A DDoS attack is when many computers flood a service with fake requests, overwhelming it and making it slow or unavailable to real users.
- Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
- CVE: CVE, or Common Vulnerabilities and Exposures, is a system for uniquely identifying and tracking publicly known cybersecurity flaws in software and hardware.
- Infostealer: An infostealer is malware designed to steal sensitive data-like passwords, credit cards, or documents-from infected computers without the user's knowledge.




