The National Cybersecurity Institute (INCIBE), an entity dependent on the Ministry for Digital Transformation and the Public Service, through the Secretary of State for Telecommunications and Digital Infrastructure (SETID), managed, through its CERT (cybersecurity incident response team), a total of 122,223 cybersecurity incidents in Spain, which represents an increase of 26% compared to 2024.

INCIBE-CERT, the reference team for the management of incidents that affect citizens, companies, digital service providers, RedIRIS entities and essential and important operators in the private sector, proactively detected and notified 237,028 relevant vulnerable systems, susceptible to being exploited by cybercriminals to access networks or cause cybersecurity incidents.

In the area of ​​essential and important operators, aligned with the NIS2 directive and vital for the functioning of society, INCIBE attended to a total of 401 incidents, which reflects the criticality of this type of incident for the continuity of essential services.

Main sectors affected in 2025

● Banking: 34%

● Transportation: 14%

● Energy: 8%

● Financial market infrastructures: 7%

● Insurers and pension funds: 6%

Main incidents that occurred in 2025

Among the main cases that were detected throughout the past year, the following should be highlighted:

• Malware, with 55,411 incidents, including viruses and other malicious software that affect devices. Of these, 392 incidents corresponded to ransomware attacks, in which cybercriminals lock systems or files and demand financial ransoms.

• Of the infected systems controlled remotely by cybercriminals (botnet) identified by INCIBE-CERT, 85% of incidents are related to smart devices (IoT), such as televisions, set-top boxes or media players.

• Online fraud accounts for 4 out of every 10 security incidents, with 45,445 cases, 19% more than the previous year. Phishing leads this type of incidents, with 25,133 cases, through fake emails that impersonate banks or well-known companies to steal personal data.

• Work was done, in collaboration with Red.es, to close 4,600 potentially fraudulent .es web domains, all of them related to security incidents and reported by INCIBE.

• Cybersecurity incidents associated with information theft amounted to 3,849 cases of unauthorized access or theft of digital and/or confidential data.

INCIBE’s free and confidential service, ‘Your Help in Cybersecurity’, answered 142,767 queries in 2025, 44.9% more than in 2024, through its telephone, WhatsApp, Telegram, web form and in-person assistance. 49% were preventive consultations, resolving doubts before incidents occurred, while 51% were reactive, helping victims mitigate damage once the incident occurred.

85% of incidents are related to IoT devices, such as televisions, decoders or media players

The main topics of consultation at 017 were varied. 28% of users had received phishing attempts by email, vishing or smishing, all of them linked to incidents of digital fraud; 16% needed advice after incidents related to fraudulent purchases on the Internet; and 14% contacted the Helpline for incidents of digital identity theft.

In addition, 5% of minor consultations requested help and advice for incidents of cyberbullying, and 3,302 reports of inappropriate content related to child sexual abuse were registered through the INCIBE hotline.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.