SonicWall has released its Cyber Protect 2026 report, introducing a new approach focused on real protection outcomes for businesses facing cyberattacks. The study focuses on Spain, which stands out as one of the most exposed countries in the world in terms of cyber threats.

The report reveals that Spain records the highest intensity of attacks per device in all of Europe, with an average of 93,474 high and medium severity intrusion events per firewall in 2025. This figure exceeds that of not only countries such as Germany, Italy, the United Kingdom or France, but also the United States. Furthermore, intrusion attempts have more than doubled in the last year, with an increase of 119.8%, the highest growth recorded among the European markets analyzed, driven by the increase in automated cyberattacks.

Infrastructure exposed to the public

Another key finding is the clear dominance of attacks aimed at web applications in Spain. 82% of all intrusion activity focuses on this vector, with more than 335 million detections recorded. This level of concentration has no equivalent in other European countries, where the weight of these attacks is significantly lower. According to the report, the web infrastructure exposed to the public in Spain is subject to a constant assault by automated and technically diverse cyberattacks, which forces the adoption of multi-layer defense strategies.

The use of automation also shapes the current landscape: bots generate more than 36,000 scans per second in search of vulnerabilities, and automated malicious traffic already represents 37% of total Internet traffic. This context is accelerating the speed of cyberattacks and reducing response times for cybercriminals.

Much ransomware comes from older malware families

Regarding ransomware, Spain behaves differently from the rest of Europe. Although the total volume of detections has fallen by 59.6% year-on-year, more than 31 million events are still recorded, a figure much higher than that of other countries such as the United Kingdom. The report highlights that much of this activity comes from massive campaigns based on old malware families, indicating that the Spanish market remains exposed to less sophisticated but highly persistent cyberattacks.

“The real problem is not the sophistication of cyberattacks, but that we continue to fail at the basics,” says Michael Crean, senior vice president at SonicWall. “Many organizations use the complexity of the threat landscape as an excuse, when in reality failures remain foreseeable and avoidable.”

The Seven Deadly Sins of cybersecurity

In this sense, the report identifies the so-called “seven deadly sins of cybersecurity”, a series of recurring errors that explain the majority of breaches in SMEs and facilitate the success of cyberattacks. These include the lack of basic measures such as system patching, excess privileges, the absence of continuous monitoring or dependence on obsolete access models such as traditional VPNs. Thus, the seven deadly sins are:

  • Ignoring basics — Weak authentication, unpatched systems, and excessive administrator privileges remain the primary attack surface for cyberattacks.
  • False confidence — Believing your business is too small to be the target of an attack, overestimating the effectiveness of controls, and taking resilience for granted without testing it creates dangerous blind spots.
  • Excessive access — Overly permissive rules, flat networks, and implicit trust behind authentication allow attackers to move freely once a cyberattack is initiated.
  • Reactive security approach — Without 24/7 monitoring and proactive threat detection, attackers set the pace. On average, leaks are not detected until 181 days have passed.
  • Security decisions motivated by costs — Postponing investments due to short-term budget pressures generates costs that arrive later, with interest, especially when serious cyberattacks materialize.
  • Using legacy access models — VPNs that authenticate once and grant broad network access remain one of the most exploited entry points in numerous cyberattacks. VPN CVEs increased by 82.5% during the analyzed period.
  • Prioritizing fads over execution — Purchasing the latest tools without fully implementing them and expecting technology to compensate for shortcomings in processes is a vulnerability in itself. Tools do not generate results; execution does.

The study also highlights that the impact of these deficiencies is especially critical in Spain, where the high intensity of cyberattacks amplifies any operational weakness. In this context, SonicWall insists that the difference between being protected or exposed does not depend solely on the technology, but on its correct implementation and management.

With this approach, the Cyber Protect 2026 report seeks to help Spanish SMEs and their managed service providers translate threat intelligence into concrete business decisions, in an environment where the pressure of cyberattacks continues to grow.