The sectoral map of the risk of cyberattacks has become broader, more intense and less predictable, significantly raising the level of risk for organizations. Globally, education was once again the most attacked sector in August 2025, with an average of 4,178 weekly cyberattacks per educational organization, followed by telecommunications (2,992) and government institutions (2,634).

In Spain, in that same period, the most attacked sectors were administrations, consumer goods and services, telecommunications and the manufacturing industry, according to data from Qaracter, a Spanish technology consultancy specialized in the financial and insurance sector, which shows a growing transversal risk.

Added to this sectoral pressure is a general context of strong growth in the threat and associated risk. INCIBE managed 122,223 cybersecurity incidents in 2025, which is 26% more than in 2024. In addition, online fraud represented 45,445 cases, 19% more year-on-year, and phishing once again led this typology with 25,133 incidents, increasing the risk for companies and citizens.

Global leadership is no longer just in finance

The international photo shows a relevant change in the risk hierarchy. Although financial services continue to be a critical target for attackers and concentrate a high level of risk, the most recent global leadership by weekly volume of attacks per organization shifts towards education, telecommunications and government, three sectors in which service interruption generates a high capacity for operational and reputational pressure, increasing their exposure to risk. In addition, Check Point highlights that agriculture was the sector with the highest year-on-year growth, with 1,667 weekly attacks per organization and an increase of 101%, which reinforces the idea that cyber risk is expanding to new areas of the real economy.

Spain draws its own geography of risk

In the Spanish case, the sectoral pattern also breaks stereotypes and redefines the risk map. Along with telecommunications, administrations, consumption and the manufacturing industry appear among the most attacked sectors, which confirms that risk exposure no longer depends only on the degree of digitalization, but also on operational dependency, technological capillarity and the position of the sector in critical supply chains. In August 2025, Spain registered an average of 2,024 weekly cyberattacks, 16% more than in the same month of 2024, increasing the global level of country risk.

Banking remains critical in essential infrastructure

If we look at the scope of essential and important operators, the relevance of the financial sector remains strong and with a high level of structural risk. Of the 401 incidents attended to by INCIBE in 2025 in this perimeter, banking accounted for 34%, followed by transportation (14%), energy (8%), financial market infrastructure (7%) and insurance and pension funds (6%). This photograph confirms that, although the risk has widened, activities critical to the functioning of society remain under especially high pressure and at sustained risk.

More volume, more sophistication, more demand

Recent indicators also point to an intensification of the threat and operational risk. Check Point recorded 531 reported ransomware attacks in August 2025, 14% more year-on-year. In parallel, INCIBE points out that malware continued to be the most frequent typology in 2025, with 55,411 cases, including 392 ransomware attacks, increasing the technological risk. This scenario is aggravated by the extent of fraud, the growing weight of social engineering and the exploitation of connected devices: INCIBE estimates that 85% of systems infected and controlled remotely by cybercriminals were related to IoT devices, which amplifies the risk exponentially.

The advantage will be in who resists better

For Qaracter, this new geography of risk requires a more precise sector response to mitigate each type of specific risk. A public administration, a telecom company, a financial institution or an industrial plant do not face the same challenges. But they all share the same requirement: reinforce prevention, reduce risk, tighten third-party supervision, rehearse operational continuity and professionalize the response to the incident.

“The decisive thing is no longer just which sector receives the most attacks, but which organizations are best prepared to absorb the impact, contain it and continue operating in the face of risk. This is where a growing part of business competitiveness will play in the coming years,” adds Enrique Galván, CEO of Qaracter.

For Qaracter, this new geography of risk requires a more precise sectoral response to mitigate each type of specific risk.

The new cyberattack map reflects a double reality: on the one hand, essential sectors with high digital exposure continue to be a priority for attackers and concentrate the greatest risk; On the other hand, the threat is extending to activities in which an operational interruption can generate a high domino effect, increasing systemic risk. This makes sector resilience a strategic priority for 2026, especially in an environment marked by greater regulatory demands and increasing pressure on critical infrastructure and its risk management.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.