Spain cyber security and cyber crime statistics

There’s no denying that cyber crime is rampant across the globe, and as societies become increasingly digitally focused, cyber security concerns continue to grow. Individuals and businesses in Spain are no strangers to cyber attacks. Most organizations have dealt with some sort of cyber crime and the country itself is the source of many attacks.

Here, we shine a spotlight on Spain and look at the latest facts, statistics, and trends surrounding cyber crime and cyber security in the country.

1. 87.5% of Spanish organizations were compromised in one or more successful attack in the past year

The CyberEdge Group 2020 Cyberthreat Defense Report (CDR) provides insight from security professionals across the globe. It found that over a 12-month period, almost nine in 10 Spanish companies had experienced a successful cyber attack. Out of all organizations surveyed across the globe, over one-third reported being “frequent victims,” dealing with six or more successful attacks within a year.

2. 52% of Spanish organizations were impacted by ransomware in the past 12 months

The CDR found that most countries saw a significant impact as a result of ransomware. In Spain, just over half of all organizations were affected by such an attack. While this figure is high, Spain was one of the three least affected countries studied, along with Brazil (48.5 percent) and Japan (36.7 percent). The country did fare better than the likes of China (76.0 percent), Mexico (72.7 percent), and Canada (72.0 percent).

3. Spanish organizations allocate 11.8% of their IT budget to security

According to the CDR, Spanish organizations spend almost 12 percent of their IT budget on security. This represented an average increase of 5.5 percent in 2020 and is slightly higher than in several countries including Australia (11.5 percent) and the UK (11.2 percent), but lower than others. Mexico tops the list at 15.9 percent followed by Saudi Arabia at 15.3 percent.

Budget spend chart.
Source: CyberEdge Group

4. Over 85% of Spanish organizations have a preference for security products that use AI and machine learning.

It seems that Spanish organizations are keeping up with technology. The CDR tells us that 85.7 percent say that when it comes to selecting security products, they have a strong or moderate preference for those that use AI and machine learning.

5. Spain was one of the top 3 countries attacked by mobile banking malware

Kaspersky’s report on mobile malware breaks down which countries were worst hit by mobile bankers in 2020. The study found that 0.77 percent of Spanish users were attacked by mobile bankers. This was significantly lower than the rate in Japan which took the top spot with 2.83 percent, but only slightly lower than second place Taiwan, with 0.87 percent.

6. Over 50% of Spanish organizations were hit by ransomware in 2020

The Sophos State of Ransomware Report 2020 reveals how many organizations in each country were hit by ransomware. In this case, it agrees almost exactly with the CDR mentioned above and found that 53 percent of companies were affected.

Chart showing ransomware attacks.
Source: Sophos

7. Data encryption was prevented in almost half of attacks

The Sophos report also notes how often organizations were able to stop attacks before data encryption took place. Spanish companies fared well, stopping 44 percent of attacks in their tracks. This was second only to Turkey, where 51 percent of attacks were blocked.

8. Only 4% of victims paid the ransom

Although the remaining 96 percent of attacks did involve data encryption, the ransom was paid by only four percent of victims. This was lower than any other country studied. Preparedness was likely a major factor here as Sophos found that 72 percent of Spanish companies were able to restore data from backups.

9. Ransomware attacks cost Spanish companies an average of around $280,000

Even with the strong figures above, Sophos tells us that Spanish companies still spent an average of $283,630 to remediate a ransomware attack. While this sounds high, it was in the bottom three with South Africa and the Czech Republic. Swedish organizations had the highest remediation bill at an average of over $2.7 million, followed by Japan at $2.2 million and Australia at $1.1 million.

10. 83% of Spanish companies have cyber security insurance

One more interesting point covered by Sophos is the popularity of cyber security insurance. More than eight in 10 companies in Spain have a cyber insurance policy and 70 percent of organizations have ransomware covered under their insurance.

11. Only 28% of Spaniards know what ransomware is

Proofpoint’s 2021 State of the Phish Report asked users in various countries about the definitions of terms such as phishing, ransomware, and malware. Only around one in five respondents knew what ransomware is. The country did fare better with some other terms including phishing (63 percent) and malware (75 percent).

12. A 2021 ransomware attack affected 700 SEPE offices across Spain

The SEPE (the Spanish government labor agency) was the subject of a large ransomware attack in March 2021. Systems were impacted in more than 700 offices across the country, forcing workers to temporarily halt the digital processing of applications and instead work manually. The popular Ryuk ransomware was reportedly involved in the attack.

13. Spain was responsible for 2.66% of 2020 spam

A Kaspersky report on spam and phishing in 2020 found that a relatively small portion of spam originates in Spain. The country is the source of 2.66 percent of spam, whereas the top source, Russia, is responsible for 21.27 percent.

Sources of spam by country.
Sources of spam by country. Source: Kaspersky

14. Spain was a core target for malicious email campaigns in 2020

Another notable statistic from the Kaspersky report was the fact that Spain was the top target for malicious email campaigns in 2020, receiving a share of 8.48 percent. In second place was Germany with 7.28 percent and in third was Russia with 6.29 percent.

15. Spain trails only the US when it comes to COVID-19 related malicious file detections

McAfee has been tracking COVID-19 related malicious file detections since May 2020. Unsurprisingly, the US ranks top, having dealt with almost 2.5 million. However, Spain is not all that far behind with well over 2 million malicious file detections in the past year. The vast majority of the threats observed are Trojans, although PUPs (Potentially Unwanted Programs) have been making sporadically high-frequency appearances in 2021.

16. Spain scored 59th out of 75 countries for cyber security

A Comparitech study gave each of 75 countries a score based on a variety of factors including the rate at which users experience various types of malware and phishing attacks. In terms of overall cyber security, Spain ranks fairly low compared to other countries with a score of 23.34. The range was 3.56–35.54 (lower is better). Denmark, Sweden, and Ireland topped the list, while Tajikistan, Bangladesh, and China made up the bottom three.

17. Spain is in the top five countries in Europe affected by stalkerware

A 2020 Kaspersky report on stalkerware found that Spain was one of the top five countries impacted by this type of malware. 873 users in the country dealt with stalkerware in 2020. In Germany, the number was much higher at 1,547, with Italy (1,144), the UK (1,009), and France (904) making up the remainder of the top five. That said, European numbers are significantly lower than in the worst-hit countries which include Russia (12,389 impacted users), Brazil (6,523), and the US (4,745).

The number of stalkerware incidents.
Source: Kaspersky

18. Most attacks disguised as popular TV shows came from Spain

A 2020 Kaspersky study looked at how cyber criminals use popular TV shows to spread malware through streaming platforms. The top shows used as lures were The Mandalorian, Stranger Things, The Witcher, Sex Education, and Orange Is the New Black. Over half (51 percent) of the attacks disguised as these five shows originated in Spain.

19. Cyber crime in Spain rose by 300%

A cyber security expert from the International University of La Rioja (UNIR) Juan José Nombela estimates that cyber crime has increased up to 300 percent during the pandemic. The surge is attributed to increased use of digital banking and online shopping, among other shifts.

20. 43% of the population don’t have basic digital skills

According to the Spanish government’s Nation Digital Skills Plan, 43 percent of Spaniards lack basic digital skills. As such, training and education is a key component in the country’s cyber security strategy.

21. Spain is a hotspot for the sale of fake COVID-19 vaccines and certificates

Since the development of various COVID-19 vaccines, many counterfeit versions have popped up on darknet marketplaces. In addition, fraudsters are peddling “vaccine passports,” fake documentation that claims the holder has received a vaccination. Spain was named among the hotspots for this activity, alongside the US, Germany, France, and Russia.

A fake vaccine advertisement.
Source: Check Point

22. An illegal streaming service had over 2 million subscribers

In June 2020, police arrested a total of 11 individuals, four of whom were located in Spain. The arrests were made in relation to the illegal distribution of audio-visual content in Europe, the Middle East, and Asia. The network was broadcasting more than 40,000 channels, TV shows, and movies illegally to an estimated two million subscribers. Other arrests were made in Germany, Sweden, and Denmark.

23. 86% don’t know how to report cyber crime

A February 2021 study examined how many Europeans know how to report cyber crime. The numbers were quite alarming with 77 percent on average reporting that they didn’t know how to report illegal online behavior. The numbers in Spain were even worse than the European average with 86 percent saying they lacked knowledge on this topic.

24. 23 Spanish suspects were arrested for stealing €12 million from US banks

In February 2021, a Europol operation led by the Spanish National Police saw the arrest of 105 people involved in a massive fraud and money laundering scheme. The sting was the result of an investigation into a crime ring that managed to steal more than €12 million from over 50 US banks. The criminal organization involved was mainly formed of Greek nationals, but most of the retailers who assisted with fraudulent transactions were based in Spain.

Europol infographic.
Source: Europol

25. Over 200 GDPR-related fines have been issued in Spain

Since the GDPR was first instituted in 2018, there have been a total of 625 fines issued (that have been made public). Almost one-third of these (212) were issued in Spain.

26. The total value of GDPR fines issued in Spain is almost €15 million

In its Data Breach Report 2021, DLA Piper tracked GDPR fine amounts since May 2018. It found that Spanish companies have paid a total of €14,490,094. While this is a large chunk of money, it is significantly lower than the total amount paid by companies in Italy (€69 million), Germany (€69 million), France (€54 million), and the UK (€44 million).

Data breach fines graph.
Source: DLA Piper

27. Vodafone Spain was fined €8.15 million for repeat GDPR breaches

The largest GDPR fine issued in Spain to date was that handed to Vodafone. The company repeatedly breached the GDPR and was ordered to pay many smaller fines before being issued with several larger fines amounting to €8.15 million. The company was accused of various violations including conducting data transfers without proper safeguards in place and contacting customers without consent.

28. Organizations spend 22% of their IT budget on cyber security

The Hiscox Cyber Readiness Report 2021 examines how prepared organizations are for cyber attacks. It found that organizations in Spain spend 22 percent of their IT budget on security. This is fairly comparable with most other countries studied (the range is 20–23 percent) and represents a large increase over 2019 when the figure was 15 percent. However, this report disagrees with the CDR mentioned above which states the figure is closer to 12 percent.

IT security spend.
Source: Hiscox

29. 58% of Spanish firms are ranked as novices when it comes to cyber security

The Hiscox report ranks organizations as novices and experts. 58 percent were ranked as novices and only nine percent as experts. In comparison, in the US, 25 percent are experts and 27 percent are considered novices.

30. 26% of companies have standalone cyber insurance

We mentioned cyber insurance above and that Sophos found that 83 percent of Spanish companies have cyber insurance. Hiscox broke that down to discover who had standalone cyber insurance and found that more than one-quarter of companies carry this type of insurance.

See also: