Spain has become a key target of global cybercrime. Cyberattacks are multiplying across the country, as distinction between the actions of private criminal networks and state-sponsored operations is becoming increasingly blurred. Companies and public administrations need to be aware of the risks, as such emergencies can lead to serious disruptions in critical infrastructure as well as significant financial losses. We have just witnessed this with the major blackout on April 28. While it does not appear to have been caused by a cyberattack, it clearly demonstrated the vulnerability of large infrastructures and the enormous economic and social consequences such incidents can provoke.

So far in 2025, Spain has seen an alarming increase in cyberattacks affecting both the public and private sectors. According to data from CybersecurityNews, cyberattacks have risen by 35% this year, surpassing 45,000 incidents per day. Between late February and early March, attacks increased by 750% compared to the same period last year, according to HackManac. During the week of 5–11 March 2025, Spain was the most targeted country in the world in this domain, even ahead of the United States, accounting for 22.6% of all global cyber incidents. Spain is also the third-most attacked country by pro-Russian hacktivists.

There are two main factors that help explain this situation. First, Spanish companies have undergone rapid digital transformation — a key goal of the EU’s Next Generation Funds. And as they’ve done so, many have failed to invest sufficiently in cybersecurity systems, making them easy targets for cybercriminals. This phenomenon is exacerbated by the rise in ransomware attacks, which have surged by 120% and cause major losses, particularly for SMEs. Small businesses can lose between €2,500 and €60,000 per attack, while damage to a large company can often exceed €5.5 million, according to CybersecurityNews.

This situation raises two important questions: where are these attacks coming from, and why do they do it? Most attacks originate from Eastern European countries, and the increase could be linked to recent global political shifts. Last month, the U.S. government announced the suspension of its offensive cyber operations against Russia. As a result, criminal groups based in Eastern Europe may now have more freedom to launch cyberattacks on European entities.

But the problem is more complex. The cybercrime ecosystem has fragmented, partly as a result of the war in Ukraine. Private groups involved in data theft have adopted new identities following the leak of their source codes, while the dissolution of dark web forums has led to greater diversity and volatility in threats. The leaked codes, combined with rapid advancements in AI tools, are accelerating the development of new and more sophisticated forms of data theft.

At the same time, there is growing collaboration between cybercriminals and nation-states. These hybrid actors combine technical capabilities with political objectives, including espionage, disruption of critical infrastructure, and in some cases, cryptocurrency theft.

Why do they do it? States that engage in these practices may use cybercrime to finance their activities, gather intelligence, or prepare for future sabotage operations targeting critical infrastructure in rival countries.

In the business world, the primary motive is financial gain through industrial espionage, access to strategic information, or infiltration of critical systems in preparation for future disruption.

The European Union has developed several regulatory frameworks to address these challenges — including NIS2, which strengthens cybersecurity in critical infrastructure; DORA, which aims to enhance resilience in the financial sector; and the AI Act, designed to regulate artificial intelligence to prevent its misuse for cybercrime or disinformation.

But regulation alone is not enough. In this regard, the recent announcement by Prime Minister Pedro Sánchez is noteworthy: it includes more than €1 billion in cybersecurity investment, as part of the commitment to raise defense spending to 2% of GDP.

In a context of growing global instability and unpredictability, the complex geopolitical situation has increased Europe’s — and particularly Spain’s — exposure to cyberattacks. International conflicts and power tensions are now extending into the digital realm. The rise in cyber threats affects not only critical infrastructure and government agencies but also businesses across all sectors. In light of this, it is essential to strengthen cybersecurity strategies, foster international and public-private cooperation, and raise awareness of digital risks to ensure the resilience of the country — and its companies — against this evolving threat landscape.

Article by: Oliver Gower Senior Managing Director and Andrés Parro Managing Director at FTI Consulting