In recent years, SMEs in Spain have been increasingly exposed to cyber attacks that threaten their operations, the security of their data and the trust of their customers. These SMEs operate in an ever more complex digital environment, where risks are constantly growing. Among the most worrying types of attack, and one of growing importance to SMEs, is ransomware, which combines data encryption with the threat of disclosure if a ransom is not paid.

However, the data show that complying with cybercriminals’ demands and paying does not always lead to the recovery of SMEs’ sensitive information. In fact, according to Hiscox’s 2025 Cyber Preparedness Report, only 57% of Spanish SMEs that paid a ransom for a ransomware cyber attack in the last 12 months managed to recover some or all of their data.

Furthermore, 25% of Spanish SMEs that made the payment ended up seeing their sensitive information leaked, a figure that contrasts strongly with the 7% recorded in 2024 and shows that the risk of exposure remains high for SMEs despite the measures adopted. Additionally, 31% of companies discovered that the recovery key provided by cybercriminals did not work, while 29% suffered a new attack after the initial incident, a particularly critical situation for SMEs with limited resources.

Beyond this data, in 28% of cases attackers demanded additional payments, and 46% of companies were forced to completely rebuild their systems, even after receiving a valid key. On the other hand, 32% of SMEs confirmed that, in the end, their data was not leaked, but this percentage does not compensate for the latent risk of exposure of sensitive information, making it clear that, for SMEs, relying solely on payment does not guarantee peace of mind or effective protection.

Avoiding the publication of sensitive data, the main reason for paying a ransom

The study indicates that ransomware has affected 31% of Spanish SMEs in the last 12 months, confirming that this type of attack has established itself as a persistent threat for SMEs in Spain. In this context, and faced with the uncertainty about the consequences of an attack, many SMEs find various reasons for acceding to the demands of cybercriminals.

On the one hand, 90% of companies acknowledge having paid a ransom to prevent the publication of sensitive information, a particularly relevant concern for SMEs, while 86% did so with the specific objective of recovering their data. However, these measures are not always sufficient: 88% of SMEs also chose to reconstruct information manually and another 86% managed to restore it from available backups.

On the other hand, the increasing sophistication of cybercriminals means that these attacks do not depend on a single vector, but rather take advantage of multiple entry routes to penetrate organizations, including SMEs. Physical facilities, employees and partners each represent 22% of the access points identified, reflecting how SME security can be compromised both from within and through external actors.