Recent global disruptions, including pandemics and conflicts, have reshaped daily life and shifted economic realities, with the digital sphere feeling the impact through a rise in cybercrime.
Public institutions at state, regional, and local levels are increasingly targeted by hackers. In Alicante, for example, municipal councils report that safeguarding their data can absorb as much as 15% of their budget. Data from the Alicante Provincial Council further illustrates the scale, noting that a central state agency counters more than 7,000 weekly attacks, many traced to Asian regions and a notable share aimed at the Middle East. A City Council such as Alicante faces roughly 100 hacking attempts each day, prompting managers to tighten access policies to protect information against theft.
Provincial Council builds a high-security framework to shield municipalities from cyber threats
Cybersecurity is a core element of regional strategy, coordinated by the Directorate General of Information and Communication Technologies (Dgtic). The Gen Digital 2025 plan guides the Valencian Community toward a broad digital transformation, with goals to modernize workflows, simplify management, and reshape organizational culture across the Generalitat. The plan outlines a clear road map for the coming years, promoting efficient operations and streamlined processes while fostering a digital mindset throughout administration.
The Dgtic hosts a General Sub-Directorate of Cyber Security, which leads the cyber strategy, defines protective measures, and adapts defenses according to how sensitive the information is and the level of risk. The Valencian Community Cybersecurity Center (Csirt-CV) operates in association with this directorate, delivering services to administrations, citizens, and businesses, with the aim of elevating information system security across the board.
The shift to remote work heightens risk and accelerates security policy updates
José Manuel García Duarte, Director General of Information and Communication Technologies, notes that recent global events increase the demand to safeguard information systems and the daily work of public staff against cyber attacks and data theft attempts. He adds that the stay-at-home period and lockdowns pushed a rapid review of security policies to align with remote-working needs, which introduced new risks. The cascade of events since then has reinforced the urgency of strong digital defenses.
Following the pandemic, Russia’s invasion of Ukraine prompted additional defenses, including multi-factor authentication and credential changes across corporate domains. Over the last year, the Generalitat has intensified efforts to counter cyber intrusions on regional government networks, the spread of misinformation about vaccines, and the manipulation of pandemic data to fuel malicious websites.
Csirt-CV notes that the Valencian Community employs more than 240,000 public workers. Its mission is to strengthen information system security while promoting a culture of security and good practices through new technologies. Its activities include penetration testing, vulnerability assessments, and forensic investigations, all aimed at reducing incidents and countering emerging threats.
Security incidents and response trends
More than half of Csirt-CV’s incidents fall into fraud categories, with phishing campaigns standing out as a persistent tactic to steal identities. Intrusions also figure prominently, involving compromised user accounts, malicious software, and brute-force attempts.
At the provincial level, Alicante Province Council experiences about 7,000 weekly attacks. The vice president of innovation explains that none of these attacks have compromised their servers, as they were all repelled. Each year, the council makes direct investments in cybersecurity, with additional indirect support that helps all municipalities in the province, especially smaller towns under 20,000 residents.
A decade ago the Modernization Plan began its seventh edition, a substantial investment in hardware and software totaling around 3 million euros. The plan responds to the needs raised by municipal councils, and its progress has earned recognition from the Comptes Audit Office, which highlighted the Provincial Palace and Benidorm City Council as leading examples of regional cybersecurity progress. The mayor of Benidorm also chairs the County Council as president of the community, underscoring cross-jurisdiction collaboration in security improvements.
On the municipal front, Finestrat’s Councilor for New Technologies describes tools that protect against online threats. External access from the Internet to the corporate network is routed through a segmented secondary network isolated from the internal network used by government staff. Remote-work access has also been tightened to prevent identity theft.
Current projects in Finestrat include completing the segmentation of municipal networks to limit potential breach impact and extending wireless coverage across municipal buildings. Looking ahead, the plan includes deploying a SIEM solution to rapidly detect, respond to, and neutralize cyber threats.
Xixona’s council, managed by PSPV-PSOE, recalls a significant cyber attack in 2021 and describes ongoing challenges for smaller towns in maintaining up-to-date security. The council emphasizes moving to cloud-based solutions and partnering with data specialists to strengthen protection while controlling costs.
Passwords and access control
In Xixona, efforts to refine passwords focus on ensuring access is role-based and not universal. Public employees receive access appropriate to their duties, while over-stringent controls are avoided to maintain usability. The council’s decision to renew IT services with support from the Provincial Council last year demonstrates the value of ongoing modernization efforts.
Experts warn that human factors remain crucial despite technological advances
Josué Castillo, Cyber Security coordinator for the Spanish Smart Cities Network and head of Elche City Council’s Telecommunications department, stresses that technology alone cannot prevent breaches. Awareness and vigilance among public servants are essential, he argues. Any security measure can be circumvented if staff are not attentive, making ongoing education a key line of defense.