Press Room
Cipher warns Spain’s Senate about Europe’s dependency on overseas cybersecurity firms and the need for Spanish SMEs and small communities to implement the EU’s NIS2 directive
Latest International Telecommunication Union report says cyberattacks have increased by 300% in Spain since 2015. In 2024, there were more than 100,000 cyberattacks against sensitive infrastructure and organizations.
Madrid, May 20, 2025. – David Fernández, CEO of Cipher, the cybersecurity division of Prosegur Group, a global leader in the private security sector, spoke today at the Spanish Senate’s Joint Commission on National Security: “Analysis of Threats in Cyberspace in the Age of Artificial Intelligence and Quantum Computing," contributing his expert vision toward developing a risk report and recommendations to improve this sector.
Among the key issues the session addressed: The need for cybersecurity legislation in the context of the European Union’s NIS2 regulation. Spain’s organizational and technological fragmentation as it faces a range of threats in a hyperconnected environment. Europe's dependence on a few foreign providers of cyber protection technology. The need to develop home-grown talent in this area.
Additionally, delegates analyzed public-private collaboration as a way to eliminate administrative barriers, share threat information and develop joint solutions. At the same time, Spain needs to develop its private technology sector to avoid technological concentration and dependence on, at times, a single overseas technology provider.
Fernández described the NIS2 directive as a game-changer that will improve cybersecurity by requiring companies, organizations, and public administrations to adopt stricter measures to protect their systems. "This regulation promotes a more robust level of protection, reinforcing security throughout digital infrastructure and helping prevent attacks that can affect companies, institutions, administrations and users alike. It must always be based on an approach where reinforced protection through redundant systems takes precedence, avoiding a sense of false security rooted simply on regulatory compliance."
He added Cipher should be "a central part of Spain’s cybersecurity ecosystem, given its reputation and roots here.” Similarly, he highlighted the need for a flexible approach to contracting: "At Cipher, we believe that the current public administrations contracts, typically for four-to-six years, increases the vulnerability of systems as these are long periods that prevent adequate real-time adaptation to the rapid evolution of cyber threats." To be able to deal with cyberattacks and for Spain to compete with other major countries, Fernández said Cipher has chosen to operate from the United States "to engage with operations on an equal footing and to rationalize the use of available talent."
Cybersecurity, the focus of the Spanish government’s Industrial and Technological Security and Defense Plan
The Spanish government has agreed to allocate €1.157 billion to strengthening cybersecurity and cyber defense. These actions complement the measures included in the 2022 National Cybersecurity Plan, under the umbrella of the Industrial and Technological Security and Defense Plan, announced by Prime Minister Pedro Sánchez on April 22.
The 2024 International Telecommunication Union’s report notes that Spain’s cybersecurity is above the European average, making it the second country in the world after the United States with the most cybersecurity centers. In 2024, there were more than 100,000 cyberattacks in Spain, with a very serious event every three days. Since 2015, cyberattacks have increased by 300%.