Spain has recently found itself in a precarious position regarding cybersecurity. It now ranks as the third most attacked domain globally with its .es domain, trailing only behind .com and .ru. Alarmingly, cybersecurity incidents have spiked by 64% over the previous year, prompting questions about why Spain is such an attractive target for cybercriminals.
Moreover, a report from Cofense, a company focusing on phishing defense, indicates a staggering 19-fold increase in attacks on domains during the last quarter of 2024 and the first quarter of 2025. A significant 99% of these attacks are aimed at phishing, while the remaining 1% focuses on distributing various remote access Trojans.
These attacks are delivered primarily through email. Attackers often impersonate Microsoft addresses to lure victims into inadvertently compromising their devices.
Once a device is infected, attackers gain unfettered access to the victim’s computer, allowing them to:
- Capture the screen
- Record keystrokes
- Activate or deactivate the camera and microphone
- Access files on the PC
So, what makes Spain an enticing target? Experts like Francisco Valencia, the director of Hackrisk.io, suggest several contributing factors:
- The strong international presence of Spanish companies.
- Geographic location serving as a bridge between Europe and America, bolstered by submarine cables like Marea and Grace Hopper.
- Shifts in the global landscape post-Brexit, drawing attention away from the UK.
Additional factors heightening Spain’s vulnerabilities include the rapid digitalization of businesses fueled by European funds, which has exposed weaknesses in small and medium enterprises. The public administration has also shown signs of vulnerability, all of which places Spain as the second most targeted country for cyber threats globally.
The impact of these cyber attacks has been profound. Recent incidents involve disruptions within the Spanish administration’s systems, specifically affecting several municipalities. Notable organizations like CNMC, Repsol, and Telefónica have found themselves in the crosshairs of these cyber threats.
As of now, Spain is grappling with two significant cyber attacks disrupting municipal systems. Melilla has been embroiled in an ongoing attack for two weeks, reputedly linked to a Russian group, while a smaller municipality in Alicante, Villajoyosa, faces similar challenges.
In response to this alarming trend, the Council of Ministers approved a €1.157 billion package in May 2025 to bolster national cybersecurity efforts. This funding is allocated across various sectors, including defense, digital transformation, public administration, and national security.
Attention is also being directed towards the transposition of the NIS2 directive and the EU Regulation DORA. This essential framework aims to compel critical sectors—such as energy, telecommunications, health, and finance—to report cybersecurity incidents and implement more robust risk management systems.
Despite these plans, tangible improvements in Spain’s cybersecurity landscape remain elusive. The increasing number of attacks and the growing sophistication of cybercriminals highlight a pressing need for enhanced strategies and robust defenses. Until then, Spain remains a high-profile target on the global cyber threat map.
In today’s digital world, especially amidst a burgeoning population of remote workers and digital services, cybersecurity is not just a technical issue; it has become fundamental for the safety and resilience of society as a whole. As such, it is essential for all stakeholders—governments, businesses, and individuals—to remain vigilant, educated, and proactive in guarding against these persistent threats.

