In mid-January 2025, the AIPSI's OAD 2025 initiative started, which with this edition reaches the 18th consecutive year of online surveys into intentional digital attacks on companies and public bodies in Italy, with the drafting of the activity plan, sponsorship and free patronage proposals, and the first contacts with potential sponsors.
As with all previous editions, Malabo and Marco R. A. Bozzetti will be the creators.
The OAD 2025 questionnaire, completely anonymous, is now online:
https://www.oadweb.it/LS2025/limesurvey/index.php/279362?lang=it
The questionnaire is in Italian and refers to IT systems of companies and public bodies operating in Italy; therefore it also considers the parts of an international IT system supporting the Italian offices of foreign companies. Please fill it out or have it filled out by your technicians if you are in this condition.
What's new in OAD 2025
The main new features in the OAD 2025 Questionnaire, and therefore in the entire survey, concern:
- the addition of attacks on applications based on Artificial Intelligence (AI);
- among the families of attack techniques-tools, the addition of those based on AI;
- among the security measures, control and management of the IT supply chain between the Information System (IS) that is the object of the responses and those of the Suppliers and Customers who interact with it.
The in-depth analyses of the attacks detected are now 3, in the case of the most serious attack suffered:
- for web environments, referring to the OWASP top 10 vulnerabilities;
- for application environments based on Artificial Intelligence, referring to the OWASP Top Ten 2025 relating to applications based on LMM and Generative AI, currently the most widespread and used;
- for OT systems.
AIPSI requests free patronage from all non-profit associations/entities in order to extend, through their members and interlocutors, the pool of potential respondents to the online questionnaire and subsequently readers of the final OAD report.
Sponsorships are requested and necessary in order to repay, at least in part, all the professional activities that AIPSI must carry out.
The request for collaboration, now traditional, with the Italian Postal Police and Cybersecurity Service is also underway, in order to have access to their data on cybercrime, which will form the basis of a specific chapter in the 2024 OAD Final Report. In addition to the Postal Police, AICA and FIDAInform will actively collaborate on the initiative.
Also for the 2025 edition, the OAD Report will have prefaces by well-known players in the Italian digital security scene, such as representatives of the most important Italian institutions. Prefaces are expected from the Director of the Italian Postal Police and Cyber Security, and from the Department of Digital Transformation of the Presidency of the Council of Ministers, already had in 2024.
AIPSI will try to have prefaces also from ACN, AGID and/or other national institutions involved in digital security. These prefaces are essential for the recognition of the authoritativeness and validity of the OAD survey and Report, and thus help its dissemination especially in Italian Public Administrations and institutional offices.
The OAD 2025 questionnaire will be online and completely anonymous (no data on the person completing it is recorded, not even the date of compilation and the IP address of the device used to complete it). It consists of questions, all with predefined answers to selec, grouped into 8 sections, many of which are optional and “skippable” during compilation. In this edition there will also be a question on attacks on applications based on Artificial Intelligence, with reference to the top ten vulnerabilities 2025 identified by OWSAP for these environments.
Completing the entire questionnaire, including the optional parts on digital security measures in use, it will automatically provide a macro qualitative assessment of the level of digital security that emerges from the answers provided, and the list of the most critical answers in terms of digital security.
If no attacks have been detected, the online questionnaire system automatically skips the related questions, and moves on to the next ones.
The work plan, detailed in the attachments, provides for the publication of the OAD 2025 Report by the end of July 2025, provided that by the end of May - early June 2025 the number of online questionnaire compilations exceeds the minimum number necessary for an anonymous web survey to be reliable and significant. Otherwise, the publication could be postponed to September 2025.
Attached to this page the sponsorship proposal in English.
For any clarification and further information, please send an e-mail to