Private Spanish companies accounted for 22,000 more cybersecurity incidents than INCIBE, which managed 83,500 incidents in 2023.

The National Cybersecurity Institute (INCIBE), an entity under the Ministry for Digital Transformation and Public Administration, through the Secretary of State for Digitalisation and Artificial Intelligence, published its Cybersecurity Balance Sheet for the year 2023, which reflects a 24% increase in incidents compared to the previous year.

In total, 83,517 cases were handled by INCIBE’s CERT, of which more than 58,000 affected internet users and the rest - more than 22,000 - affected private businesses (including SMEs, micro-SMEs and the self-employed). Additionally, 183,077 vulnerable systems were identified.

Attacks and fraud

In regards to citizen and business incidents, more than 9,000 attacks rendered devices such as computers, mobile phones unusable. Also, more than 28,000 cases of fraud were reported by victims. Over 7,000 websites containing abusive content were detected and taken down.

Within the framework of incidents to essential and critical operators, 237 incidents were managed. These businesses and services, which are indispensable for the smooth daily functioning of society, include the following sectors: 25.42% to financial and tax systems, 25% to transport, 22.08% to energy, 18.33% to Information and Communication Technologies (ICT) and 4.58% to water. In addition, 1,673 incidents have been recorded concerning universities, health institutions and other RedIRIS entities.

Finally, it should be noted that phishing  (identity theft via e-mail) still appears to be the most frequent incident, with 14,261 cases of this type of fraud managed.