Spain ranks among the European countries with the highest number of cyberattacks recorded. In 2024 more than 120,000 incidents were logged, and projections for 2025 point to an even more demanding scenario.

Digital threats are no longer the preserve of large corporations or countries with critical infrastructure. Spanish SMEs are now a priority target for cybercriminals, precisely because they often have weaker defences. Knowing the most common attack vectors is the first step towards protection.

Threat 1: Increasingly targeted ransomware

Ransomware has evolved: it is no longer launched en masse hoping for random victims. Organised groups conduct prior reconnaissance of their targets, identify critical systems and maximise damage to increase the probability of payment. The most common tactic is no longer just encrypting data, but threatening to publish it.

The Ransomware-as-a-Service (RaaS) model has democratised this type of attack, allowing actors with limited technical knowledge to launch sophisticated campaigns. The health, finance and critical infrastructure sectors are the most affected.

Threat 2: AI-powered phishing

Phishing is not new, but AI has multiplied its danger. Messages no longer contain obvious spelling errors: they are impeccably written, personalised with data from previous breaches and sent at the most opportune moment. The increase was 35% in 2024 compared with the previous year.

Beyond email, smishing (SMS), vishing (calls) and spear phishing targeting executives are growing variants. The objective is always the same: compromise the credentials of a person with privileged access.

Threat 3: IoT device vulnerabilities

With more than 75 billion IoT devices projected for 2025, the corporate attack surface has expanded enormously. 60% of IoT devices analysed in 2024 had critical vulnerabilities, mostly due to lack of firmware updates and unmodified default configurations.

A security camera, smart thermostat or connected scale can be the entry point to the corporate network. IoT security requires specific network segmentation policies and systematic updates.

Threat 4: Digital supply chain attacks

Compromising a software or digital services provider to access its customers is a growing tactic. The supply chain attack exploits the implicit trust that exists between a company and its technology providers. Legitimate software updates, third-party plugins or API integrations can become attack vectors.

Threat 5: Social engineering and deepfakes

Social engineering has always existed, but generative AI has elevated its sophistication to another level. Voice and video deepfakes allow attackers to impersonate executives to authorise fraudulent transfers or extract sensitive information. Identity verification in critical processes is now a necessity.

Five measures to protect your company now

  • Train your team regularly in phishing recognition and password policies.
  • Implement multi-factor authentication (MFA) on all corporate accesses.
  • Conduct periodic security audits and penetration tests.
  • Segment the network to isolate IoT devices from the operational core.
  • Have an incident response plan with clear responsible parties and procedures.

Want us to assess your company's current level of protection? Contact our cybersecurity team .