The team of analysts at ElevenPaths has carried out a study that aims to show the state of cybersecurity of both Spanish companies in general and those included in the IBEX 35.
This analysis has shown that more work is needed to integrate cybersecurity into the core of all businesses to prevent very basic errors from leading to the increased risks and incidents we see on a daily basis.
The report's conclusions are:
“The level of security for Spanish companies is below the European average.”
Despite having very mature and sophisticated organizations in terms of cybersecurity, the results of the study place Spanish companies slightly below the European average. While countries such as Germany or France lead this ranking, Spain remains at a lower level along with other countries such as Italy, Portugal, Croatia or Slovenia.
“The two IBEX 35 companies with the highest rating belong to the Financial and Energy / Resources sectors.”
One third of the companies analyzed present an intermediate or advanced level of security, according to their rating. Among them, the two companies that stand out for having the best rating belong to the Financial and Energy / Resources sectors.
“Over 85% of IBEX 35 companies are vulnerable to POODLE, Logjam, DROWN and FREAK.”
Spanish organizations do not manage vulnerabilities effectively and lack adequate update and patching policies. The report's findings reveal that a large number of the organizations analyzed are exposed to these four cryptographic vulnerabilities. The problem is more serious because most of the vulnerabilities detected have been listed for more than a year in the National Vulnerability Database (NVD) of the National Institute of Standards and Technology (NIST), and public exploits exist for them.
“Threats targeting the mobile channel have made their way to the third place in the ranking of the most widespread infections within Spanish companies.”
The study also confirms that, as the use of mobile devices increases, the associated risks continue to grow. These risks affect companies not only through their employees' use of mobile applications, but also in their relationships with end customers, through the impersonation of mobile applications.
“Only 6 IBEX 35 companies did not present any system compromises in the last year.”
More than 80% of the companies analyzed have been affected by some type of malware in the last year. Within this figure, several malware families stand out as especially targeted at certain sectors, such as Multiplug in the Aerospace / Defense sector. It is also remarkable that the most widespread infection, Conficker, which affects more than 60% of IBEX 35 companies, has had a patch available for several years.
To carry out this report we have relied on the information provided by our partner BitSight, which calculates the security ratings of companies based on information external to the organizations themselves. The data set covered by the report includes around 1,000,000 IP addresses allocated to a total of 850 organizations.
» Download the full report about the “State of Cybersecurity in Spanish companies”.