Spain recorded more than 97,000 cybersecurity incidents in 2024, 32% of which targeted businesses
ZIUR highlights these data at the "Voice of Industry in the Basque Country" conference, organized by the Industrial Cybersecurity Center (CCI) in San Sebastian
ZIUR, a foundation of the Provincial Council of Gipuzkoa, participated as host in the conference organized by the Industrial Cybersecurity Center (CCI) at the Arima Hotel in San Sebastian. Under the title "Voice of Industry in the Basque Country," the event brought together experts and professionals from the world of cybersecurity and representatives from leading companies such as Deloitte, Fortinet, Kaspersky, S21Sec, and TxOne Networks.
Representatives from industrial organizations in the Basque Country also participated in this conference to share experiences, discuss the main challenges facing the sector, and analyze current trends in industrial cybersecurity and industrial cyberintelligence.
The director of the Gipuzkoa Industrial Cybersecurity Center, María Penilla, outlined the current situation of the Basque and national industry and warned that "Spain suffered 97,348 cybersecurity incidents in 2024, i.e., 16.6% more than in 2023." This represents around 260 incidents per day, 11 every hour. Those targeting companies also increased by 43.2%, reaching 31,540, 32% of the total, according to data from Incibe. That same year, more than 183,851 relevant vulnerable systems were identified, and attempts to exploit critical vulnerabilities in OT environments increased, she emphasized.
As Penilla pointed out, this trend has continued into the first months of 2025, a year in which "severe risks such as uncontrolled remote access, unprotected devices, and lack of IT and OT network segmentation continue to persist."
93,000 computers exposed in the Basque Country
The director of ZIUR also highlighted the Basque industrial landscape and noted that "more than 93,000 computer devices in the Basque Country were at risk of a cyberattack by the end of 2024." "During 2023, almost 7,000 companies in Gipuzkoa suffered a cyberincident, so it is essential that companies have an internal cybersecurity protocol," she emphasized.
Penilla praised the Foundation's work and detailed ZIUR's three priority lines of work in 2025: assessing the maturity of industrial cybersecurity through the BAS (Breach and Attack Simulation) project and ICS audits; launching spear phishing campaigns to measure awareness through phishing attack simulations; and awareness-raising and training campaigns to strengthen organizational resilience and the emotional response of technical teams.