Looking around, much of the tech you see is compromised, infected with a computer virus and controlled by cybercriminals. In Spain, 55.3% of equipment is used for illegal activities without the owner’s knowledge. Yet awareness is growing slowly. Every 11 seconds, a cyberattack targets a company somewhere in the world. Any person, business, or government entity can face a data breach or digital theft, which makes awareness and investment in security essential.
These concerns were the focus of a cybersecurity meeting organized by actives and the Prensa Ibérica group. It recently took place in Madrid, with sponsorship from Banco Santander, Grupo Oesía, BBVA, and Hewlett Packard Enterprise, and in collaboration with Digitales, the Spanish Association of Security Companies, and SI Cybersecurity.
Current estimates indicate around 300,000 Spanish cybercrime victims and about 1.1 million highly exposed assets. These assets include documents, conversations, and files that should be protected behind private networks. Ignacio González Ubierna, deputy director of the National Cyber Security Institute, noted that attackers chase vulnerable equipment and exposed services. The attack wave has persisted since 2012, and the pandemic and rapid digital transformation have accelerated the need to protect more devices. Javier Calahorra, CISO of BBVA Spain, observed that people use apps constantly but often do not manage them securely.
In the business world, the emphasis remains on small and medium sized enterprises, which form a large portion of Spain’s productive fabric. Alfredo Díez, COO of Cipherbit-Grupo Oesía, stated that SMEs have digitalized under pressure and may need a big security boost. Larger corporations invest and stay protected, but smaller firms and freelancers risk becoming a threat to all if security is neglected.
talent shortage
Martí Saballs, director of economic information for the Prensa Ibérica group, warned that the threat remains regardless of who is behind it. The total cost of cyber attacks today stands at five and a half trillion euros, roughly double the amount from the prior year. He stressed that building defenses must be the priority. Advances let attackers run more professional and sophisticated operations. Carles Solé, CISO of Banco Santander Spain, described this as a war against highly organized cybercrime that must be met with a cyber army to counteract the bad actors.
Several factors contribute to the imbalance, undermining the defense of good actors. Sergio Gómez, KPMG’s cybersecurity partner in Spain, pointed to a lack of properly trained cybersecurity capability. Estimates vary on the required talent, with figures from 30,000 to 60,000 specialists. The challenge is daunting for recruitment and retention. A practical approach includes reskilling and training, along with stronger collaboration with universities and graduate programs to build what is needed from the ground up.
plan b
Investment remains another hurdle. Cybercrime has become a structured, well funded industry. Félix Martín, head of Cybersecurity Services for Hewlett Packard Enterprise EMEA and Latin America, urged public administration to act in concert with private sector partners. While investment in large Spanish companies has grown, it is not enough. Solé summed up a pragmatic view: invest better, not just more.
Beyond skilled personnel and money, a contingency plan is essential. Martín stressed the need for disaster recovery plans tailored to different sectors because keeping a logistics chain running is not the same as sustaining accounting operations. Firms should maintain a minimal level of operational continuity in the short term.
earlier edits
Before last minute planning, there is a need for more uniform legislation across sectors. Gómez highlighted that currently there is no mandate to adopt these measures. Some sectors, such as agri-food, find security harder to embrace, while others, like robotics, take longer to secure. Díez emphasized reaching out to the unconvinced, with public administration playing a central role. There were incidents of attacks that affected taxpayers and local government payroll systems, underscoring the stakes involved.
In the financial sector, regulation exists to protect customer data, though Calahorra warned about overlapping directives and occasional overregulation. The European Union has advanced critical infrastructure rules, including the Digital Operational Resilience Regulation, or DORA. Solé noted that rules sometimes arrive late, creating confusion for companies trying to implement safety measures. The core issue remains a lack of clear, actionable instructions for applying safety precautions.
future dangers
The tech landscape is undergoing a real shift with innovations like advanced chat systems and blockchain momentum. Yet new threats appear with every breakthrough. Decentralized finance eases financing for criminals through reduced oversight, and artificial intelligence holds both promise and risk. Calahorra warned that AI can automate processes for good, but adversaries also wield it. The takeaway is to scrutinize AI carefully and raise public awareness about its implications.
The potential of deepfakes and manipulated communications complicates security for providers. Díez pointed to the risk of staged calls from executives or agencies and fraudulent bank messages seeking passwords. Even at the institutional level, thefts of cryptocurrency fund illicit programs. Experts stress that the danger is not purely digital; it can translate into physical harm, including manipulation of medical records or disruptions at critical facilities.
To meet these challenges, public-private cooperation is essential. Expanded dialogue between administrations and private entities helps close gaps that criminals exploit. Solé urged stronger European collaboration with other blocs, and Díez called for substantial investment in development to reduce dependence on foreign technology. Sharing essential data across competing firms could drive significant improvements, while Gómez pushed for clearer, more consistent regulation across sectors.