Spain has established itself as one of the European countries most exposed to cyber attacks, with 605 significant incidents during the second half of 2025. This is established by the NTT DATA Cyber ​​Threat Intelligence team in its report ‘Trends and cyber threats’, which has studied the impact of these risks recorded globally during the second half of the year. Economic motivation is the main driver of these cyberattacks, which cause an average of three serious incidents per day.

Affected sectors

The research highlights that the sectors that suffer the most from cyberattacks in Spain do not follow the same patterns as in the rest of the world, with the local industry being one of the priority focuses for criminal actors. The Spanish manufacturing sector, for example, has experienced cyberattacks and intrusions against the systems that automate and monitor its operations. This has generated numerous cases in the second half in which companies have been forced to stop production lines to prevent the spread of cyberattacks. Other sectors vital to the economy, such as food, logistics or tourism, have also suffered cyberattacks and unauthorized access to their operational portals, although most of them have not been publicly disclosed.

The threat also affects essential services, and public administration is once again among the sectors most affected by cyberattacks. Technological heterogeneity and the coexistence of multiple administrative levels increase their exposure surface to these cyberattacks. Health services, which also include private clinics and regional centers, are among the sectors most affected by cyberattacks and cyberincidents, with a specific impact on patients due to delays in medical consultations and procedures derived from these cyberattacks.

“The cyberattacks recorded in these months not only confirm the sophistication of the attackers, but also the unavoidable imperative to shield resilience in areas where the impact would have critical operational, economic and social consequences,” says Sandra Somastre Gonzalez, researcher in the Cyber ​​Threats team at NTT DATA Spain. “The country is now a critical target for cyber attacks, which requires accelerating the transition towards a more robust, cohesive and, above all, preventive cybersecurity framework,” he adds.

Focus on ransomware

Most of the recorded cyberattacks respond to ransomware campaigns. This trend is explained by the high degree of digitalization of the country, the economic relevance of certain sectors and the presence of a business fabric made up mainly of SMEs with unequal levels of protection against increasingly sophisticated cyber attacks.

At the European level, Germany stands out, having suffered more than 856 cyber attacks in the second half of 2025, which positions it as the main European target. The report also points out the sustained intensification of the hybrid dimension of the war between Russia and Ukraine, with cyberattacks not only on Ukrainian targets, but also on European institutions and companies.

Cyberattacks on global level

In 2025, cybercrime has confirmed its role as a systemic risk for organizations, driven largely by the increase in cyberattacks, and its annual economic impact exceeds the barrier of 10 trillion dollars annually for the first time (around 8.5 trillion euros, according to the current exchange rate).

One of the explanations for this increase is found in the use of artificial intelligence, which is no longer an emerging trend but has become a tactical accelerator, already integrated into the different phases of cyberattacks. Its use allows us to accelerate specific tasks, such as content generation and linguistic and cultural adaptation, as well as the modification of malicious tools used in cyber attacks. The research also indicates that AI does not replace human operators, but rather reduces the cognitive and operational cost of each event. The expectation is that its use will continue to expand, not so much through disruptive techniques, but as an accelerator of already existing processes: automation of recognition, advanced personalization of social engineering and optimization of target selection in complex cyberattacks.

Most of the recorded cyberattacks respond to ransomware campaigns

Ransomware cyberattacks, the most common incident, have an average total cost of more than $5 million, including disruption and recovery periods. In terms of data breaches, where the average cost exceeds four million dollars, the report highlights the importance of European data protection regulatory frameworks, which allow greater standardization of response processes to cyber attacks for firms.

Complexity in cyber attacks

Despite the high costs associated with cyberattacks, market estimates published during 2025 have placed global spending on information security and risk management at around USD 213 billion, which would represent year-on-year growth of close to 14%.

Looking ahead to the new year, the report highlights a sustained increase in campaigns based on silent persistence (those that seek to maintain access, operate or influence without being detected in the long term), abuse of identities and exploitation of trust relationships, both human and technical, which will lead to new cyberattacks that are more difficult to detect. These trends, as well as the evolution in the use of artificial intelligence, will further reduce the barriers to entry to cybercrime and expand the base of actors capable of executing complex cyberattacks.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.