Italy foiled a series of cyberattacks aimed at some of its foreign ministry offices, including one in Washington, as well as Winter Olympics websites and hotels in Cortina d’Ampezzo, Foreign Minister Antonio Tajani said on Wednesday.
Speaking to reporters during a visit to the US capital, Tajani said the attempted attacks were “of Russian origin”, but did not share further details about who was behind them, what tools were used or what impact they might have had on government systems and Olympic operations.
“We prevented a series of cyberattacks against foreign ministry sites, starting with Washington, and also involving some Winter Olympics sites, including hotels in Cortina,” Tajani said, two days before the opening ceremony at Milan’s San Siro stadium.
The Winter Olympics had already begun on Wednesday with the first curling matches in Cortina. Authorities moved quickly to reassure the public and international delegations that critical systems were secure and that Games operations were running as planned.
Italy’s interior minister, Matteo Piantedosi, told parliament that 6,000 security officers were being deployed across the Games venues stretching from Milan to the Dolomites, including bomb disposal specialists, snipers and anti-terrorism units. While those resources were mainly focused on physical threats, they were backed by an increased cyber security posture involving national security agencies and specialist cyber units.
Industry observers said the foiled attacks in Italy were in line with a broader pattern of cyber activity around high‑profile global events and moments of geopolitical tension.
Commenting on the incident, Kelly Butler, CEO Cyber at Marsh, said: “The targeting of the Winter Olympics by Russia-linked hackers is a clear reminder of how cyber threats are becoming more complex and tied to global events. It shows how important it is for everyone involved, from organisers to insurers, to stay vigilant and prepared. Cybersecurity isn’t just about technology – it’s about understanding the bigger picture and the risks that come with it. This kind of incident highlights the ongoing challenge of protecting major events in an increasingly connected world.”
For insurers and brokers, that “bigger picture” increasingly includes how cyber policies might respond to attacks with suspected links to nation states, and whether a single campaign could generate connected losses across many policyholders, industries and countries.
The episode comes as the cyber insurance market continues to grapple with three intertwined issues: aggregation risk, the scope of war and state‑backed attack exclusions, and how far large public events and critical infrastructure can realistically be insured.
Major sporting events depend on a crowded ecosystem of organisations — government ministries, organising committees, national teams, broadcasters, sponsors, ticketing platforms, hotels, transport and utilities. A coordinated cyber campaign against that ecosystem could, in theory, trigger claims across cyber, property, business interruption, event cancellation, kidnap and ransom, and liability policies.
In response to that kind of risk, carriers and markets such as Lloyd’s have been pushing for clearer wording around state‑backed cyber operations and war exclusions, warning that some large‑scale attacks may sit outside the bounds of what is meant to be insurable, diversifiable risk.
For event organisers and their advisers, the Italy incident is another reminder that cyber resilience and incident response have to sit alongside physical security and contingency planning in any major‑event risk strategy. For insurers, it underlines the need to stress‑test portfolios, run extreme but plausible cyber‑catastrophe scenarios and make sure policy language genuinely reflects their risk appetite.
For brokers placing cover for teams, sponsors, broadcasters, local authorities, hotels and other service providers linked to the Games, the episode is likely to prompt fresh conversations about cyber limits and sublimits, how war and state‑backed attack exclusions operate in practice, and how different policies might respond if a coordinated attack did get through.
For insurers and MGAs, it reinforces the importance of monitoring aggregation risk, refining scenario tests and keeping an open dialogue with clients about how cover would work across different types of cyber event, as threat actors continue to use high‑profile global events as staging posts for their campaigns.