Spain has recently found itself in a precarious position regarding  cybersecurity . It now ranks as the third most attacked domain globally with its  .es  domain, trailing only behind  .com  and  .ru . Alarmingly, cybersecurity incidents have spiked by  64%  over the previous year, prompting questions about why Spain is such an attractive target for cybercriminals.

Moreover, a report from Cofense, a company focusing on phishing defense, indicates a staggering  19-fold increase  in attacks on domains during the last quarter of 2024 and the first quarter of 2025. A significant  99%  of these attacks are aimed at phishing, while the remaining  1%  focuses on distributing various  remote access Trojans .

The  methodology  behind these attacks is primarily through  email . Attackers often simulate Microsoft addresses, utilizing these methods to lure victims into inadvertently compromising their devices.

Once infected, attackers gain unfettered access to the victim’s computer, allowing them to:

  • Capture the screen
  • Record keystrokes
  • Activate or deactivate the camera and microphone
  • Access files on the PC

So, what makes  Spain  an enticing target? Experts like Francisco Valencia, the director of  Hackrisk.io , suggest several contributing factors:

  • The  strong international presence  of Spanish companies.
  • Geographic location serving as a bridge between Europe and America, bolstered by submarine cables like  Marea  and  Grace Hopper .
  • Shifts in the global landscape post-Brexit, drawing attention away from the UK.

Additional factors heightening Spain’s vulnerabilities include the rapid  digitalization  of businesses fueled by European funds, which has exposed weaknesses in small and medium enterprises. The public administration has also shown signs of vulnerability, all of which places Spain as the  second most targeted country  for cyber threats globally.

The  impact  of these cyber attacks has been profound. Recent incidents involve disruptions within the Spanish administration’s systems, specifically affecting several municipalities. Notable organizations like  CNMC ,  Repsol , and  Telefónica  have found themselves in the crosshairs of these cyber threats.

As of now, Spain is grappling with two significant cyber attacks disrupting municipal systems. Melilla has been embroiled in an ongoing attack for two weeks, reputedly linked to a Russian group, while a smaller municipality in  Alicante ,  Villajoyosa , faces similar challenges.

In response to this alarming trend, the  Council of Ministers  approved a €1.157 billion package in May 2025 to bolster national cybersecurity efforts. This funding is allocated across various sectors, including defense, digital transformation, public administration, and national security.

Focus is also being directed towards processing the  transposition of the NIS2 directives  and the  EU Regulation Dora . This essential framework aims to compel critical sectors—such as energy, telecommunications, health, and finance—to report cybersecurity incidents and implement more robust risk management systems.

Despite these plans, tangible improvements in Spain’s cybersecurity landscape remain elusive. The increasing number of attacks and the growing sophistication of cybercriminals highlight a pressing need for enhanced strategies and robust defenses. Until then, Spain remains a high-profile target on the global cyber threat map.

In today’s digital world, especially amidst a burgeoning population of remote workers and digital services, cybersecurity is not just a  technical issue ; it has become fundamental for the safety and resilience of  society  as a whole. As such, it is essential for all stakeholders—governments, businesses, and individuals—to remain vigilant, educated, and proactive in guarding against these persistent threats.



General News – 2