The Bank of Italy has published its annual horizontal analysis of major ICT incidents reported in 2025 under the Digital Operational Resilience Act. The report shows that incident volumes increased from the previous year, with most cases classified as operational incidents and about one quarter linked to cybersecurity. A key finding is the significant involvement of external ICT service providers in reported incidents. The Bank of Italy says the DORA incident reporting framework is strengthening analysis and monitoring of cyber risk across the financial sector, while the rise in incidents and the role of service providers point to the need for financial entities to maintain robust ICT risk governance and controls and to manage third party risk effectively to meet DORA requirements.