{}

In recent years, the pace of digital transformation has accelerated, with more companies embracing the digital world and cloud operations. As this shift grows, cybersecurity becomes even more crucial to defend against the rising threat of cyber attacks.

Cybercrime has emerged as a major concern for many organizations, and last year 94% of Spanish companies reported exposure to a cybersecurity incident.

Small and medium-sized enterprises, which constitute about 98% of the Spanish business landscape, are still not viewed as reactive targets in the cybersecurity culture, according to a recent Google study. Yet, cybercriminals have increasingly turned their attention to smaller targets with weaker defenses in recent months.

To address this issue and highlight the importance of stronger cybersecurity investment by SMEs, Levante-EMV hosted a briefing last Friday in collaboration with BBVA in Valencia. The event was moderated by Silvia Tomás, Director of Corporate Affairs at Ibérica Press, and featured participants including Juan Manuel Matalobos, global head of BBVA Culture of Cybersecurity; Juan Vicente Oltra, a cyber security professor at the Polytechnic University of Valencia; Miguel Juan, partner at S2 Grupo; and Pepe Torres, representative and member of the Valencian Community Official College of Industrial Engineers and CDO at Kemex Handling Solutions.

“The importance of cybersecurity is tightly linked to the advancement of digitalization. A deeply digitalized business relies more on computer systems and thus faces greater exposure to high-impact cyberattacks; sadly, many companies recognize cybersecurity only after a problem arises,” stressed Juan Manuel Matalobos.

Three million SMEs exposed

During the conference, attendees agreed that attacks on SMEs are rising, with these smaller entities often serving as gateways to larger organizations. “Digital threats have grown as the world becomes more dependent on technology,” noted Miguel Juan. No essential infrastructure is immune to danger.

There are more than three million SMEs in Spain facing a concerning wave of cybercrime. Experts warn that digital attacks are increasing by about 85% each year, and around half of Spanish companies lack any cybersecurity certification. “SMEs see cybersecurity as a cost rather than an investment,” lamented Juan Vicente Oltra, who additionally warned of the risk to the social and economic fabric should cyber-attacks erode their presence.

Additionally, 60% of European SMEs that fell victim to cyberattacks disappeared within six months. “There is a 200-day window between the attack and its detection, and another 75 days typically pass before it is under control,” added a cybersecurity professor from the UPV Master’s program.

However, Matalobos warned of a false sense of security among many companies, which diverts attention elsewhere.

“Support SMEs as they enter the world of cybersecurity,” urged Pepe Torres. The COIICV representative recalled that many firms rely on automated process controls that are not prepared for cybersecurity, creating easy entry points for criminals.

According to a Deloitte report, 62% of companies increased their cybersecurity budgets to counter these threats. Nationally, investment in cybersecurity rose by 7.7% in 2022 to reach 1,749 million euros. Yet the vast majority of SMEs struggle to fund large-scale cybersecurity initiatives. “Allocating the resources needed to fight cyber attacks is very challenging for SMEs. Budgeting for cybersecurity often means deprioritizing other critical areas,” explained Matalobos.

As a result, many SMEs opt to outsource cybersecurity functions. In this regard, S2 Grupo is recognized as a leading provider of cybersecurity operations, cyber intelligence, and mission-critical systems across Europe and Latin America. “Large companies understand the risks of cyberattacks and maintain contingency plans because that is their business,” noted Miguel Juan. “But SMEs, lacking in-house experts, should consider contracting external services that offer ready-made protection packages.”

More professional attacks

Spain ranks third globally for corporate cyber attacks. Interior Ministry data show that 375,506 cybercrime incidents were recorded in 2022, a 72% rise from 2019.

“The digitization process elevates the profile of cybercriminals whose sole aim is to extract economic value from their attacks,” said Miguel Juan. After developing sophisticated tools, attackers aim to deploy them as extensively as possible.

Likewise, Miguel Juan warned that criminals probe company vulnerabilities through automated scans before attempting a breach. “Like a virus, a human only intervenes when an entry point is found to penetrate the corporate network and unleash malware. In many cases, this can be an employee’s home computer connecting to the network.”

“Attackers are becoming professionals. The number and complexity of attacks have grown exponentially in recent years, underscoring the need for more cybersecurity education,” Matalobos noted.

Estimations suggest that up to 300,000 cybersecurity experts will be required in the coming years to meet the evolving wave of cybercrime in the European Union. “This is not feasible without more technology. Attackers already use AI to execute their tactics, so defending with AI is essential,” admitted Miguel Juan.

Job security vulnerabilities

Most security incidents originate with humans. “People are the biggest vulnerability because they open doors on their computers that shouldn’t be left ajar. Companies must raise awareness and train employees to minimize such intrusions, which are the easiest to fix,” added Juan Vicente Oltra.

“Being 100% protected is impossible, given the variety and sophistication of attacks. Still, with proper measures, the threat can be made costly for criminals,” said Pepe Torres, continuing the thought.

“Stay vigilant,” urged Miguel Juan. “We all face these risks, but protection can be simple and affordable. You don’t need enormous investments or expertise to reduce risk, and if a breach occurs, do not hesitate to seek expert help.”

Matalobos explained that safe behaviors in cyberspace are easy to adopt: “BBVA leads in security and aims to deliver services as securely as possible. We are sharing our resources and know-how with the public through campaigns and free courses for SMEs to establish basic cybersecurity.”

Finally, the speakers agreed that cybersecurity is a booming industry with substantial financial opportunity for SMEs in both North America and beyond, underscoring its global relevance.