Spain has rapidly become one of the main targets for cybercriminals, climbing to second place in the global ranking of the most frequently attacked countries. Incidents in cybersecurity have increased by a significant 64% compared to the previous year, solidifying the country’s position as a primary target for digital threats, according to analyses by Secure & IT, a company specializing in the sector.
Dramatic Increase: Spain as a Target for Cybercriminals
Between January and March 2025, a total of 213 verified cyberattacks were registered in Spain. This accounts for 4.5% of the global total, temporarily placing the country third behind the United States and Ukraine, according to data from the HackRisk.io platform. However, annual statistics suggest an even higher position, underscoring the urgency of the situation.
Cybercrime already incurs global costs of nearly 1.5% of the world’s GDP, amounting to one trillion US dollars, surpassing the combined economic impact of drug, human, and arms trafficking. This was emphasized by Francisco Valencia, General Director of Secure & IT, during a recent conference on cyber resilience in Madrid. Spain’s open economy, present in numerous international markets, makes it particularly vulnerable to attacks such as ransomware (data kidnapping) or phishing (deception via emails, SMS, or phone calls). The country’s strategic geographical location between Europe, Latin America, and Africa further highlights its geopolitical significance and thus its susceptibility to such attacks.
Geopolitical Factors Intensify the Situation
The Brexit of the United Kingdom has also contributed to increasing pressure on Spain. The country has inherited some of the cyber burden previously borne by Britain. “Spain has inherited a greater commitment due to its new role in the European balance,” said Francisco Valencia. While the conflict between Russia and Ukraine temporarily shifted the focus of cyberattacks to Eastern Europe, the relative stabilization of that region has put Spain back in the crosshairs. The motivation behind these attacks is no longer solely economic gain but also aims to undermine trust in Western democracies.
In response, the Spanish government has initiated measures. At the end of April, President Pedro Sánchez unveiled an Industry and Technology Plan for Security and Defense. This plan includes the creation of a “digital shield,” with investments in secure 5G infrastructure, national satellites, artificial intelligence, and quantum computing to strengthen cybersecurity.
These Sectors Are Most Affected
Cyberattacks in Spain primarily concentrate on three key areas: public administrations, healthcare, industry, and small businesses. According to Moncloa data, over a thousand incidents per year affect essential services. Many of these attacks remain unseen but have direct consequences for critical infrastructures such as hospitals or airports.
Public Administrations in Focus
In public administrations, city councils and government agencies are the primary targets. Here, attacks aim to disrupt the provision of basic services and create destabilization.
Healthcare Under Attack
The healthcare sector is also among the most vulnerable. Hospitals and health centers face cyberattacks that can compromise sensitive patient data and jeopardize the functionality of vital systems.
Industry and SMEs as Popular Targets
Industry and SMEs (small and medium-sized enterprises) are not exempt from this trend. Many of these businesses have limited cybersecurity resources, making them frequent targets for ransomware and other threats aimed at extortion.
The increase in cyberattacks across all these areas reflects a structural weakness that extends beyond the technical realm. Experts emphasize the need to position cybersecurity as a strategic priority for the country. Technological investments, specialized training, robust regulatory frameworks, and international cooperation are crucial to reversing this growing vulnerability and moving towards greater digital resilience in Spain.
Unrecognized Vulnerabilities: 73% of Attacks from Uncontrolled Digital Assets
Nearly three out of four cyberattacks in Spain originate from technological assets that companies themselves are unaware of or do not adequately control, as revealed by a recent study from the cybersecurity company Trend Micro. These so-called “attack surfaces” – a collection of connected devices, services, and technologies that are not directly managed – become critical vulnerabilities for attackers.
The report warns that the accelerated adoption of technologies like generative artificial intelligence and the increasing number of connected devices make effective management of digital environments more challenging. Consequently, many IT departments lose sight of critical parts of their technology infrastructure, significantly increasing the risk of incidents.
Poor management of this attack surface also has broader business implications. 89% of surveyed companies acknowledge that this management is directly linked to overall business risk. Commonly cited side effects include deterioration of supplier relationships (54%), loss of customer trust (48%), operational continuity problems (39%), and direct impact on financial results (37%).
