Protection against cyberattacks continues to be a critical challenge for SMEs in Spain, where the speed of threats frequently exceeds the response capacity of security teams. A new report from Kaspersky reveals that there is a worrying gap between senior management and IT leaders, which could compromise not only technology systems but also business strategy.

According to the study “Cybersecurity in practice, What bothers, what is missing and what really helps?”, 32% of those responsible for cybersecurity in Spain believe that their managers do not understand the strategic importance of digital protection. This disconnect translates into difficulties in prioritizing resources and coordinating defense against sophisticated attacks.

Oscar Suela, general director of Kaspersky Iberia, underlines the magnitude of the problem: “The challenge lies not so much in the lack of tools as in the need to generate coherence. Signals often arrive faster than decisions, meaning controls and workflows can stop just at the critical moment when action is required.” In many SMEs, this situation is aggravated because security is managed by generalist IT staff or by a small number of individual specialists, and only 32% have a team dedicated exclusively to cybersecurity.

Suela emphasizes that recognizing the business relevance of cybersecurity is key to closing the gap between strategy and operations: “With this foundation, organizations can strengthen the initial assessment process, preserve context and expedite the escalation of incidents to prevent tactical problems from becoming strategic risks.”

Threat activity and its operational impact

The study shows that the most frequent cyberattacks in Europe are backdoors (24%), Trojans (17%) and not-a-virus:Downloader (16%). In Africa, not-a-virus:Downloader leads with 55%, followed by DangerousObject (14%) and Trojans (13%). These regional differences demonstrate the need for adapted strategies and constant surveillance.

The report also reflects the pressure IT teams face: 28% say tracking threats is a full-time job, while 10% feel overwhelmed by alerts and 13% spend more time troubleshooting security tools than blocking actual attacks. In addition, 25% say that security solutions slow down workflows, turning protection into an operational risk factor.

Capacity gap and internal structures

In many SMEs, the shortage of specialists forces them to rely on general IT teams (30%) or cybersecurity experts integrated into those teams (33%). Only 32% of companies have a dedicated team, and only 5% use external partners to design and manage digital security.

Paradoxically, security managers show high levels of internal satisfaction: 90% positively value integrated specialists, 56% positively value IT departments in general, and 95% positively value dedicated internal cybersecurity teams, reflecting a contrast between perception of performance and actual exposure to risk.

Recommendations and tools for SMEs

To address these gaps, Kaspersky proposes several practical solutions. Kaspersky Next for SMBs integrates advanced endpoint protection with EDR and XDR, offering real-time visibility, investigation and response. For organizations with consolidated infrastructure, Kaspersky Next XDR Optimum extends integration and telemetry to automate responses through playbooks.

For businesses with limited IT resources, Kaspersky Small Office Security provides protection against financial fraud, data theft, and ransomware without the need for in-house specialists. Additionally, the Automated Security Awareness Platform facilitates role-specific training to reduce daily risks and foster a culture of cyber resilience.