.

This essay examines the most frequent and best-known types of cyber-attacks and addresses the impact they have on the information systems of companies, private citizens and, of course, of the Public Administration, particularly in terms of the management and protection of both digital identity and personal data. This analysis shows that investments in information security and digital literacy are still inadequate and fragmentary, as well as the regulatory instruments: both those specifically related to individual criminal offences, and those related to the actions necessary to prevent and fight them, since they are not yet implemented in a joint and consolidated manner among States and the various institutional actors. Therefore, the reform perspectives embodied in the PNRR will be analyzed, together with the most recent regulatory acts at European and national level, namely Reg. (EU) 2021/887 and the Italian law 109/2021 which finally establishes the National Cybersecurity Agency in Italy