Cybersecurity is consolidated as one of the top priorities for CIOs in Spain in this mid-2026 period. The increase in cyberattacks and the sophistication of threats place phishing, social engineering and ransomware as the main risks for their organizations, according to the II Barometer of Cybersecurity in Medium Enterprises, published by Cylum, the business unit of Factum.
These types of threats exploit the human factor to compromise credentials, access corporate systems or distribute malware, taking advantage of increasingly digitalized and distributed business environments.
The concern is not accidental. Spain closed 2025 with more than 122,000 cybersecurity incidents managed by INCIBE, 26% more than the previous year, while cases related to phishing exceeded 25,000 incidents. In addition, the country is already among the five most affected countries in the world by spam and phishing campaigns.
“Cybercriminals continue to enter through relatively simple vectors, such as phishing or social engineering, but once inside they use much more sophisticated techniques to move laterally and compromise critical systems,” explains David López, director of operations and pre-sales at Cylum.
Ransomware keeps companies on alert
Along with phishing, ransomware remains a top concern for IT teams due to its ability to paralyze operations and cause significant financial losses. In Spain, this type of attacks continues to affect both private companies and public infrastructure and essential operators.
Added to this are vulnerabilities in systems and applications, aggravated by the complexity of hybrid environments and the difficulties in maintaining effective update policies. In fact, in Spain, more than 237,000 systems were detected
vulnerable during 2025, which highlights the challenges that many organizations still face in protecting their digital environments.
From prevention to detection and response
Companies are beginning to assume that cybersecurity can no longer depend solely on prevention. The rise of more sophisticated attacks is driving strategies focused on early detection and rapid incident response capabilities.
In this context, technologies such as EDR and XDR gain prominence by allowing threats to be detected and contained before they impact the business. For many midsize businesses, combining these tools with managed monitoring and response services has become an effective way to strengthen their security without expanding their internal teams.
“The speed of detection has become a critical factor. Today the objective is not only to avoid an attack, but to be able to identify and contain it before it generates a real impact on the business,” says López.
Furthermore, the entry into force of regulations, such as NIS2, are accelerating this change in approach and raising the demands regarding protection and incident management.
Visibility, the great pending challenge for CIOs
The lack of integration between security tools has become one of the main challenges for mid-sized business CIOs. The lack of unified visibility makes it difficult to interpret risks, prioritize alerts, and make decisions quickly in an increasingly complex environment.
The entry into force of regulations, such as NIS2, are accelerating this change in approach and raising the demands on protection and incident management.
Faced with this situation, companies are looking for models that allow them to centralize information and understand more clearly what their real cybersecurity situation is. The need is no longer to incorporate technology, but to ensure that the systems work in a coordinated manner and with context.
Platforms like Cylum Hub respond to this trend, helping to simplify cybersecurity governance and offering a continuous, structured view of the organization’s security status.
