Spain Cyber Security and Cyber Crime Statistics

Spain Cyber Security and Cyber Crime Statistics

Cyber security challenges are not new. With the introduction of the internet and computer, cybercriminals started devising ingenious ways to attack netizens.  However, online risks are now more rampant due to the coronavirus pandemic. The pandemic forced individuals to use the internet on a scale hitherto unwitnessed. From grocery shopping to handling multimillion-dollar transactions, human existence practically depended on the internet.

This also led to an increase in cyber attacks. According to findings by a security expert at the University of La Rioja, cybercrime in Spain rose by almost 300 percent during the pandemic. This was attributed mostly to ignorance. Many people who had to use the internet for business or personal activities had insufficient knowledge of staying secure online.

This article looks at the cyber security statistics from Spain. Furthermore, it analyzes current efforts and challenges. This discussion will be useful for anyone looking to visit Spain or use the internet space for any transaction.

Cyber Security Statistics from Spain

Here are the recent statistics regarding cyber security in Spain.

Increase in Cyber Crimes

According to data from the National Intelligence Center (CNI), there has been a marked increase in the number of cyberattacks since the pandemic. In addition, the severity of these attacks has also increased. According to the CNI, there has been a more than 70% increase in cyber threats. The agency detected more than 73,184 cyberattacks in 2020 alone. Similarly, the agency detected 3172 cyber incidents.

Although these figures generally reflect the general increase in cyber-attacks worldwide, it is nonetheless worrying. 

Prominent Cyber Security Attacks

From 2019 to 2020, various high-profile cyberattacks rocked Spain. Some of the most popular include:


Zendal suffered what has now become known as a CEO scam. A hacker, posing to be the company’s CEO, ordered an official to transfer 400,000 euros to a company purported to be engaged in manufacturing a coronavirus vaccine. The transaction was stated to be confidential. Hence, word did not get out about the scam until the company had lost about 9 million euros.


Adeslas was the subject of a ransomware attack. A ransomware attack occurs where an external entity gets hold of a person’s computer system. Any such owner will have to pay some ransom to get access to their systems. Adeslas was the subject of one of such attacks. For six weeks, its medical test authorization systems were hijacked.

SEPE Attack

SEPE (the Spanish government Labour Agency) was similarly the victim of a ransomware attack in March 2021. The attack affected more than 700 offices across the country and forced workers to process applications manually. The attack was so widespread that remote workers were also affected. Eventually, there was no information regarding how the breach occurred. However, the notorious Ryuk ransomware has been fingered as being part of the attack.


Vueling, together with Nace, a delivery company, suffered a malicious attack. Cybercriminals got hold of the company’s computer program. They injected malware into it, effectively changing the nature of some of the services the company renders.  The hackers also managed to steal user data.


The reports also reveal the SMEs (Small and Medium Enterprises) were the worst targeted. This is because such entities lack the infrastructure to withstand sophisticated attacks. Similarly, these outfits often have the least cyber security knowledge. According to the report, SMEs are the targets of more than 70% of cyber attacks.

More Than 50% of Spanish Companies Suffered Ransomware Attacks in 2020

The CyberEdge Group 2020 Cyberthreat Defense Report (CDR) has indicated an increase in ransomware attacks most companies faced in 2019. For example, in Spain, the report indicated that more than half of the companies in Spain experienced ransomware attacks. In any case, Spain is one of the countries with the least number of attacks, joining countries like Brazil and Japan. On the other hand, countries like China, Mexico, and Canada had more than 70 percent of their companies targeted by ransomware attacks.

On an individual level, the 2021 State of the Phish Report revealed that just about 28 percent of Spaniards knew what a ransomware attack was. In compiling the report, interviewers had pooled answers from individuals in different countries. The interviewers asked questions about terms such as phishing, ransomware attacks, and malware. Although Spaniards did not fare so well in understanding ransomware, interviewees scored better on other terms such as phishing and malware.

CDR’s findings were corroborated by independent reports from the Sophos State of Ransomware Report 2020.  The report affirmed that more than 53 percent of Spanish companies suffered some form of a ransomware attack.

The Sopho report also indicated that Spanish companies stopped the attacks in most cases before data encryption could occur. From the findings, more than 40 percent of the attacks were stopped even before any damage was done. This is a fairly high number, considering that the only other country with such a high prevention/blocking implementation was Turkey. In the latter country, companies were able to block at least 51 percent of attacks.

Finally, on the ransomware attacks, Sophos’ report revealed that just about 4 percent of the victims paid ransoms to recover their systems. In this area, Spain excelled. This level of excellence is most likely to be chalked up to proactiveness. More than 72 percent of the companies had backed up their data and restored it without paying any ransom.

Spanish Organizations Spent More Than 11.8% of Their Budget on Security

In a welcome development, the CDR’s report highlighted that Spanish firms set aside almost 12 percent of their IT budget for security updates. This development is laudable and represents a 5.5 percent increase from previous years. Again, Spain fares well here, as it is ahead of many countries in this regard. However, countries like Mexico and Saudi Arabia that set aside more than 15 percent of their budget to fund security enhancements top the list.

In a related development, Sophos’ report revealed that more than 83 percent of Spanish companies had cyber security insurance. To put this in perspective: 8 out of every 10 companies had cyber security insurance. Of that 8, 7 had ransomware attacks covered as part of their insurance packages.

Spain Experienced More Than 2 Million Coronavirus-Related File Detections

Reports from McAfee reveal that the United States currently has the highest COVID-19-related malicious file detections. There were about 2.5 million such claims. However, Spain also had a very high COVID-19 malicious detection index. Between 2020 and 2021, McAfee reported 2 million malicious file detections.

Spain Performed Poorly in the Index of Countries With Excellent Cyber Security Framework

According to an independent survey of 75 countries, Spain fares poorly in terms of its cyber security framework. The report analyzed the countries using 15 metrics, including the spate of malware and phishing attacks, the frequency of banking software attacks, and how strong the security systems in the country were. No country did excellently across all the factors. Spain ranked 54th out of the 75 countries surveyed. According to the report, Denmark and Sweden were at the top of the list. While this is not an authoritative revelation of the cyber security state in Spain, it does give one quite a few things to think about. Internet users in the country will need to be vigilant to avoid falling into cyber threats.

Spain Among the Top 5 Countries That Experienced Stalkerware Attacks in 2020

As the name suggests, stalkerware is primarily used to “stalk” people. Stalkers use this software to access devices of third parties and keep tabs on them. Malicious entities can also employ stalkerware to steal sensitive information from unsuspecting users.

This is a growing phenomenon. A report by Kaspersky revealed that 53,870 mobile device users suffered from stalkerware attacks in 2020 alone. This number might even be higher as the pool of individuals for the survey was mostly Kaspersky users.

Kaspersky ranked Spain 5th in the list of countries with the most stalkerware attacks. More than 800 users dealt with the malware. Other countries that made the top 5 included France, the UK, Italy, and Germany. However, these European countries were not as impacted as countries in North America, notably the United States.

Most Attacks Using Popular TV Shows Were From Spain

It is common for bad actors to target unsuspecting individuals using popular TV shows and movies. In such instances, the criminals will embed malware into the download links of such content. Hence, when users download the movies/shows, they unwittingly transfer the malware to their devices. Spain has the highest rate of that occurring. According to a 2020 report by Kaspersky, some of the popular TV content used for such attacks includes Stranger Things, The Mandalorian, Orange is the New Black, The Witcher, etc. In addition, the report noted that more than half of the video content used as lures had its origin in Spain.

Final Thoughts

Security and privacy concerns are paramount at the moment, given the dependency on online systems. Businesses are transitioning online, and most individuals rely on the internet to carry out many activities. For internet users in Spain, getting familiar with some of the hot topics relating to security is necessary. It’d help them properly identify, prepare for, and fend off attacks.