There’s no denying that cyber crime is rampant across the globe, and as societies become increasingly digitally focused, cyber security concerns continue to grow. Individuals and businesses in Spain are no strangers to cyber attacks. Most organizations have dealt with some sort of cyber crime and the country itself is the source of many attacks.
Here, we shine a spotlight on Spain and look at the latest facts, statistics, and trends surrounding cyber crime and cyber security in the country.
1. 89.8% of Spanish organizations were compromised in one or more successful attacks in the past year
The CyberEdge Group 2021 Cyberthreat Defense Report (CDR) provides insight from security professionals across the globe. It found that over a 12-month period, almost nine in 10 Spanish companies had experienced a successful cyber attack. Out of all organizations surveyed across the globe, nearly 40 percent reported being “frequent victims,” dealing with six or more successful attacks within a year.
2. 62% of Spanish organizations were impacted by ransomware in the past 12 months
The CDR report found that most countries saw a significant impact as a result of ransomware. In Spain, well over half of all organizations (62 percent) were affected by such an attack, more than the likes of Italy (60 percent) and Japan (56 percent). While Spain’s figure seems high, there were a number of studied countries that were worse affected. This includes Australia (79.6 percent), the USA (78.5 percent), and Saudi Arabia (77.6 percent).
3. Spanish organizations allocate 12.3% of their IT budget to security
According to the CDR, Spanish organizations spend just over 12 percent of their IT budget on security. This is slightly higher than in several countries including Canada (11.1 percent) and the UK (10.9 percent), but lower than others. Brazil tops the list at 15.0 percent followed by Colombia at 14.7 percent. The 2021 mean across all countries studied was 12.7 percent, a decrease from the 12.8 percent of 2020.
4. Over 85% of Spanish organizations have a preference for security products that use AI and machine learning.
It seems that Spanish organizations are keeping up with technology. The CDR tells us that 85.4 percent say that when it comes to selecting security products, they have a strong or moderate preference for those that use AI and machine learning. While more than Germany (71.6 percent) and France (73.3 percent), it was still some way behind the 98% of Saudi Arabia and 96.6% of Turkey.
5. Spain was one of the top 3 countries attacked by mobile banking malware
Kaspersky’s report on mobile malware breaks down which countries were worst hit by mobile bankers in 2020. The study found that 0.77 percent of Spanish users were attacked by mobile bankers. This was significantly lower than the rate in Japan which took the top spot with 2.83 percent, but only slightly lower than second place Taiwan, with 0.87 percent.
6. Over 40% of Spanish organizations were hit by ransomware in 2021
The Sophos State of Ransomware Report 2021 reveals how many organizations in each country were hit by ransomware. At 44 percent, Spain was above the global average of 37 percent. This, according to the report, was far higher than Poland (just 13 percent) and Japan (15 percent). However, it was still far less than India (68 percent) and Austria (57 percent).
7. Data encryption was prevented in almost half of attacks
The Sophos State of Ransomware Report 2020 notes how often organizations were able to stop attacks before data encryption took place. Spanish companies fared well, stopping 44 percent of attacks in their tracks. This was second only to Turkey, where 51 percent of attacks were blocked.
8. Only 4% of victims paid the ransom
Although the remaining 96 percent of attacks did involve data encryption, the ransom was paid by only four percent of victims. This was lower than any other country studied. Preparedness was likely a major factor here as Sophos found that 72 percent of Spanish companies were able to restore data from backups.
9. Ransomware attacks cost Spanish companies an average of $600,000
Sophos tells us that the ransomware remediation cost more than doubled from 2020 to 2021. While Spanish companies spent an average of $280,000 to remediate a ransomware attack in 2020, this rose to $600,000 in 2021. While this sounds high, it was significantly less than the $1.85 million USD global average. Austrian organizations had the highest remediation bill at an average of over $7.75 million, followed by Belgium at $4.75 million and Singapore at $3.46 million.
10. 83% of Spanish companies have cyber security insurance
One more interesting point covered by Sophos is the popularity of cyber security insurance. More than eight in 10 companies in Spain have a cyber insurance policy and 70 percent of organizations have ransomware covered under their insurance.
11. Only 28% of Spaniards know what ransomware is
Proofpoint’s 2021 State of the Phish Report asked users in various countries about the definitions of terms such as phishing, ransomware, and malware. Only around one in five respondents knew what ransomware is. The country did fare better with some other terms including phishing (63 percent) and malware (75 percent).
12. A 2021 ransomware attack affected 700 SEPE offices across Spain
The SEPE (the Spanish government labor agency) was the subject of a large ransomware attack in March 2021. Systems were impacted in more than 700 offices across the country, forcing workers to temporarily halt the digital processing of applications and instead work manually. The popular Ryuk ransomware was reportedly involved in the attack.
13. Spain was responsible for 2.66% of 2020 spam
A Kaspersky report on spam and phishing in 2020 found that a relatively small portion of spam originates in Spain. The country is the source of 2.66 percent of spam, whereas the top source, Russia, is responsible for 21.27 percent.
14. Spain was a core target for malicious email campaigns in 2020
Another notable statistic from the Kaspersky report was the fact that Spain was the top target for malicious email campaigns in 2020, receiving a share of 8.48 percent. In second place was Germany with 7.28 percent and in third was Russia with 6.29 percent.
15. Spain trails only the US when it comes to COVID-19 related malicious file detections
McAfee has been tracking COVID-19 related malicious file detections since May 2020. Unsurprisingly, the US ranks top, having dealt with over 1 million. However, Spain is not all that far behind with well over 750,000 file detections in the past year. The vast majority of the threats observed are Trojans, although PUPs (Potentially Unwanted Programs) made sporadically high-frequency appearances in 2021.
16. Spain scored 59th out of 75 countries for cyber security
A Comparitech study gave each of 75 countries a score based on a variety of factors including the rate at which users experience various types of malware and phishing attacks. In terms of overall cyber security, Spain ranks fairly low compared to other countries with a score of 23.34. The range was 3.56–35.54 (lower is better). Denmark, Sweden, and Ireland topped the list, while Tajikistan, Bangladesh, and China made up the bottom three.
17. Spain is in the top five countries in Europe affected by stalkerware
A 2020 Kaspersky report on stalkerware found that Spain was one of the top five countries impacted by this type of malware. 873 users in the country dealt with stalkerware in 2020. In Germany, the number was much higher at 1,547, with Italy (1,144), the UK (1,009), and France (904) making up the remainder of the top five. That said, European numbers are significantly lower than in the worst-hit countries which include Russia (12,389 impacted users), Brazil (6,523), and the US (4,745).
18. Most attacks disguised as popular TV shows came from Spain
A 2020 Kaspersky study looked at how cyber criminals use popular TV shows to spread malware through streaming platforms. The top shows used as lures were The Mandalorian, Stranger Things, The Witcher, Sex Education, and Orange Is the New Black. Over half (51 percent) of the attacks disguised as these five shows originated in Spain.
19. Cyber crime in Spain rose by 300%
A cyber security expert from the International University of La Rioja (UNIR) Juan José Nombela estimates that cyber crime has increased up to 300 percent during the pandemic. The surge is attributed to increased use of digital banking and online shopping, among other shifts.
20. 43% of the population don’t have basic digital skills
According to the Spanish government’s Nation Digital Skills Plan, 43 percent of Spaniards lack basic digital skills. As such, training and education is a key component in the country’s cyber security strategy.
21. Spain is a hotspot for the sale of fake COVID-19 vaccines and certificates
Since the development of various COVID-19 vaccines, many counterfeit versions have popped up on darknet marketplaces. In addition, fraudsters are peddling “vaccine passports,” fake documentation that claims the holder has received a vaccination. Spain was named among the hotspots for this activity, alongside the US, Germany, France, and Russia.
22. An illegal streaming service had over 2 million subscribers
In June 2020, police arrested a total of 11 individuals, four of whom were located in Spain. The arrests were made in relation to the illegal distribution of audio-visual content in Europe, the Middle East, and Asia. The network was broadcasting more than 40,000 channels, TV shows, and movies illegally to an estimated two million subscribers. Other arrests were made in Germany, Sweden, and Denmark.
23. 86% don’t know how to report cyber crime
A February 2021 study examined how many Europeans know how to report cyber crime. The numbers were quite alarming with 77 percent on average reporting that they didn’t know how to report illegal online behavior. The numbers in Spain were even worse than the European average with 86 percent saying they lacked knowledge on this topic.
24. 23 Spanish suspects were arrested for stealing €12 million from US banks
In February 2021, a Europol operation led by the Spanish National Police saw the arrest of 105 people involved in a massive fraud and money laundering scheme. The sting was the result of an investigation into a crime ring that managed to steal more than €12 million from over 50 US banks. The criminal organization involved was mainly formed of Greek nationals, but most of the retailers who assisted with fraudulent transactions were based in Spain.
25. Over 350 GDPR-related fines have been issued in Spain
Since the GDPR was first instituted in 2018, there have been a total of 1,000 fines issued (that have been made public). Well over one-third of these (361) were issued in Spain.
26. The total value of GDPR fines issued in Spain is almost €15 million
In its Data Breach Report 2021, DLA Piper tracked GDPR fine amounts since May 2018. It found that Spanish companies have paid a total of €14,490,094. While this is a large chunk of money, it is significantly lower than the total amount paid by companies in Italy (€69 million), Germany (€69 million), France (€54 million), and the UK (€44 million).
27. Vodafone Spain was fined €8.15 million for repeat GDPR breaches
The largest GDPR fine issued in Spain to date was that handed to Vodafone. The company repeatedly breached the GDPR and was ordered to pay many smaller fines before being issued with several larger fines amounting to €8.15 million. The company was accused of various violations including conducting data transfers without proper safeguards in place and contacting customers without consent.
28. Organizations spend 22% of their IT budget on cyber security
The Hiscox Cyber Readiness Report 2021 examines how prepared organizations are for cyber attacks. It found that organizations in Spain spend 22 percent of their IT budget on security. This is fairly comparable with most other countries studied (the range is 20–23 percent) and represents a large increase over 2019 when the figure was 15 percent. However, this report disagrees with the CDR mentioned above which states the figure is closer to 12 percent.
29. 58% of Spanish firms are ranked as novices when it comes to cyber security
The Hiscox report ranks organizations as novices and experts. 58 percent were ranked as novices and only nine percent as experts. In comparison, in the US, 25 percent are experts and 27 percent are considered novices.
30. 26% of companies have standalone cyber insurance
We mentioned cyber insurance above and that Sophos found that 83 percent of Spanish companies have cyber insurance. Hiscox broke that down to discover who had standalone cyber insurance and found that more than one-quarter of companies carry this type of insurance.